Extracted

• • Target

    tmp77EA.tmp.exe

  • Size

    2.3MB

  • MD5

    1d85c4d35f557fbbde158258300b753f

  • SHA1

    1a0f596ee4f5abdb3dc3bad8a1247625fce982ea

  • SHA256

    36ccb94aa071489c4f03b72cd09c2560e40d66e541e006b5f6ca1b6e84ef2e1a

  • SHA512

    09aa7748f392dd2104672e4f774d717298659bb6df21db51de8455e01dba0ee0d5761ecf7cf5bd24eaae80943b91ed4ab189d1e1a0df9621636bb33a2e2cdd52

  • SSDEEP

    49152:Vg9FpS1fbJT9VhpwKxh5ors6lz1u1M6s1V2hcCudLP1FqDfk:S9FpYJT9pw+2sMz1u1M6s/2HIPjqDc

  Score

  10^/10

  purecrypterredlineredlinediscoverydownloaderinfostealerloaderspywarestealer

  • Detect PureCrypter injector

    loader

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2