purecrypter | 53ab8d99f27bef0bdbc4a0d0a02de34254fde15d202708e379bf2ff84d2ecfef | Triage

Submit
Reports

Overview

overview

Static

static

FATURA VE ...ER.exe

windows7-x64

FATURA VE ...ER.exe

windows10-2004-x64

Sharing

General

Target

FATURA VE BELGELER.exe
Size

6KB
Sample

230125-zap36saf67
MD5

8cdcf9d4502ce65a9bf4fcc5f5fa54d3
SHA1

b534efd9dd2902ab2172cc9f2f07fc8ff1acac0d
SHA256

53ab8d99f27bef0bdbc4a0d0a02de34254fde15d202708e379bf2ff84d2ecfef
SHA512

61379ff5617c577fa62c2fcbe4c2ae419f6a5f236edc7f0e1f4ceb356841fb500b0aa78291cacb0e33abf82b928058f225cfd5fb37879e71d370a6ceffd5e883
SSDEEP

96:DpMKEpKgeQV6lfxV9n5Hl9cItU2RM1FVbWm7atAkuaLzNt:DuKTqQl/95HnZtJy9bWqa/DN

Score

10^/10

purecrypter snakekeylogger collection downloader evasion keylogger loader stealer

Static task

static1

Behavioral task

behavioral1

Sample

FATURA VE BELGELER.exe

Resource

win7-20220812-en

purecrypter snakekeylogger collection downloader evasion keylogger loader stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

FATURA VE BELGELER.exe

Resource

win10v2004-20220812-en

snakekeylogger keylogger stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5883437677:AAHeJkSINF-WhhSkVwvmtUtf8IUR1jbdjNM/sendMessage?chat_id=5739567068

Targets

- Target
  
  FATURA VE BELGELER.exe
- Size
  
  6KB
- MD5
  
  8cdcf9d4502ce65a9bf4fcc5f5fa54d3
- SHA1
  
  b534efd9dd2902ab2172cc9f2f07fc8ff1acac0d
- SHA256
  
  53ab8d99f27bef0bdbc4a0d0a02de34254fde15d202708e379bf2ff84d2ecfef
- SHA512
  
  61379ff5617c577fa62c2fcbe4c2ae419f6a5f236edc7f0e1f4ceb356841fb500b0aa78291cacb0e33abf82b928058f225cfd5fb37879e71d370a6ceffd5e883
- SSDEEP
  
  96:DpMKEpKgeQV6lfxV9n5Hl9cItU2RM1FVbWm7atAkuaLzNt:DuKTqQl/95HnZtJy9bWqa/DN
Score

10^/10

purecrypter snakekeylogger collection downloader evasion keylogger loader stealer
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purecryptersnakekeyloggercollectiondownloaderevasionkeyloggerloaderstealer

behavioral2

snakekeyloggerkeyloggerstealer

© 2018-2024

Terms | Privacy