purecrypter

General

Target

Xgfawytdsuh.exe
Size

7KB
Sample

230125-zbad4scb4s
MD5

1291626bc1a52f6913048b6bae46ea32
SHA1

bdbc938c60af4e16b17accfadf54b31b85bf3ab0
SHA256

b5ed033b1ab59838dd5f9abdad008e1fadda3a2fad7220308cf123390c4d882a
SHA512

90b4393e11f87a02e3d850ee27fadd3a7b2a7f8e632d6f3e8c72963bced6371411269476dc4a16782e109f6acefd052cb15a6c0fdbae53788fbef2e9365e1f86
SSDEEP

96:CiIpKgeeUOobOyO4yfF9eLo/4jtUW5RL07kLLkDkPftlYRzNt:j8w/O4yXeLogjtX5ykLLkYPf0z

Score

10^/10

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5824924248:AAF4WKjJ8FxpNsC2HwCM114EP_g8rFkC4wQ/sendMessage?chat_id=2054148913

Targets

- Target
  
  Xgfawytdsuh.exe
- Size
  
  7KB
- MD5
  
  1291626bc1a52f6913048b6bae46ea32
- SHA1
  
  bdbc938c60af4e16b17accfadf54b31b85bf3ab0
- SHA256
  
  b5ed033b1ab59838dd5f9abdad008e1fadda3a2fad7220308cf123390c4d882a
- SHA512
  
  90b4393e11f87a02e3d850ee27fadd3a7b2a7f8e632d6f3e8c72963bced6371411269476dc4a16782e109f6acefd052cb15a6c0fdbae53788fbef2e9365e1f86
- SSDEEP
  
  96:CiIpKgeeUOobOyO4yfF9eLo/4jtUW5RL07kLLkDkPftlYRzNt:j8w/O4yXeLogjtX5ykLLkYPf0z
Score

10^/10

purecrypter snakekeylogger collection downloader keylogger loader stealer
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect PureCrypter injector

Snake Keylogger

Snake Keylogger payload

Checks computer location settings

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2