purecrypter | c8f27a841f726761652f562c1e2c61b1eb4490c8b7bdd264f6fd08b8e5d92e4b | Triage

Sharing

General

Target

c8f27a841f726761652f562c1e2c61b1eb4490c8b7bdd264f6fd08b8e5d92e4b
Size

1.3MB
Sample

230125-jvbtaafc58
MD5

f1c29ba01377c35e6f920f0aa626eaf5
SHA1

7b2c191bc2d5d549c5e65613f93d59ece1842f02
SHA256

c8f27a841f726761652f562c1e2c61b1eb4490c8b7bdd264f6fd08b8e5d92e4b
SHA512

449a9d0ec42f83be09ef7a258f50f3d07728bb9f06361dc4aebdcbcce0ca010a3c894a5d27d98f197d6b4b85be4e3639656ae75a0216e8e169c54717ad2a85f0
SSDEEP

24576:hT+ua8m657w6ZBLmkitKqBCjC0PDgM5AVnipXD1Z+7:hcVV1BCjBG2

Score

10^/10

purecrypter downloader loader

Malware Config

Extracted

Family

purecrypter

C2

https://cents-ability.org/loader/uploads/noicon_Ujizjydo.bmp

Targets

- Target
  
  c8f27a841f726761652f562c1e2c61b1eb4490c8b7bdd264f6fd08b8e5d92e4b
- Size
  
  1.3MB
- MD5
  
  f1c29ba01377c35e6f920f0aa626eaf5
- SHA1
  
  7b2c191bc2d5d549c5e65613f93d59ece1842f02
- SHA256
  
  c8f27a841f726761652f562c1e2c61b1eb4490c8b7bdd264f6fd08b8e5d92e4b
- SHA512
  
  449a9d0ec42f83be09ef7a258f50f3d07728bb9f06361dc4aebdcbcce0ca010a3c894a5d27d98f197d6b4b85be4e3639656ae75a0216e8e169c54717ad2a85f0
- SSDEEP
  
  24576:hT+ua8m657w6ZBLmkitKqBCjC0PDgM5AVnipXD1Z+7:hcVV1BCjBG2
Score

10^/10

purecrypter downloader loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloader

behavioral2

purecrypterdownloaderloader