purecrypter | 73d448c429921a844a556fb0d5addc6af5bab77842fddb4782cbbd18086995ec | Triage

Sharing

General

Target

54b04c4846fab92642827b0d8fa86474.bin
Size

8KB
Sample

230120-me9xxsae26
MD5

b3e24df3eaf1466e997ce050047a4281
SHA1

613f70f7cd87f2ba4af18ba4d541c25be567420e
SHA256

73d448c429921a844a556fb0d5addc6af5bab77842fddb4782cbbd18086995ec
SHA512

253cfd911b09f02dbe39c912f15b45ec53f22c46f9296487d0c7f8ff1af2406cbcde9afe23d20d5971bd2a3880b2acbcfc7f4fd333c2dcd2b644ff3a85b2e829
SSDEEP

192:L8v+erfT8YKjK+9ujd/gw3Wyk13y89hZCejEvNPnaIcN6ywkpBsqvlsm:L8vPkYKpJwmRy8z0favwk/jv2m

Score

10^/10

purecrypter downloader loader

Malware Config

Extracted

Family

purecrypter

C2

https://cesarsoriano.pe/wp-content/uploads/Tfykjvlwy.dll

Targets

- Target
  
  77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e.exe
- Size
  
  44KB
- MD5
  
  54b04c4846fab92642827b0d8fa86474
- SHA1
  
  7292d1728cc295f12c0dcb76570f3bc4d63d0a8e
- SHA256
  
  77254af9b820ada0d2f0e274b81dd99279a9a88e2f1b309e99c6399d307ada0e
- SHA512
  
  ef43bd4fa008f5bad4bd8368801c3bbbaa2cd3b0cdd38d9a8e4b3d4115df389d0b474d83878d9fdb25d7cc43d18d99c20e3fc246429b7609e72bb9ea21f7ef44
- SSDEEP
  
  192:wijBJmGQCBff2YnZx9Km4JCSYx8tfMHHoYYwOJ4etAEdKdO58rLGgi47sZXCBeOj:wGaKnZmHG8tUHHojSe3iV9qXBKmAY
Score

10^/10

purecrypter downloader loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloader

behavioral2

purecrypterdownloaderloader