General
-
Target
Vietcombank_Ban Sao Thanh Toan_Pdf.exe
-
Size
23KB
-
Sample
230113-sdctpahg45
-
MD5
357dc7fc40a74f7db969a2bd89188d6d
-
SHA1
4afed0569b36c95f96bac367232cae88eb201e64
-
SHA256
bc6b7187bcc579a4fd0e7ffc54bb1a5fb9fa47a3d781bce55a8c4d9ba4df0139
-
SHA512
da23f8e01dfd78874bd274ae7cca8593ca7be0c12d3de0061630e6c737cbc87433451536ed992491568221b82548eff353bc19c7e3e6383a49d3e6a0ae261c8a
-
SSDEEP
96:P99U6k5sBsdf2XLGMRE7ng2deOFVkAwGuTFKfEPfPNAgARricsGb7kvrBzNt:Pb6KLGMWkOMAluTFCEvNesG+D
Behavioral task
behavioral1
Sample
Vietcombank_Ban Sao Thanh Toan_Pdf.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Vietcombank_Ban Sao Thanh Toan_Pdf.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
purecrypter
http://savory.com.bd/sav/Ezxucmj.bmp
Targets
-
-
Target
Vietcombank_Ban Sao Thanh Toan_Pdf.exe
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-