purecrypter | d060ee3029a154a6fba6ed666ee5fafb2c8ee019dcfde0819f8aa24392b6e944 | Triage

Submit
Reports

Overview

overview

Static

static

Setup.exe

windows7-x64

Setup.exe

windows10-2004-x64

8

Sharing

General

Target

Setup.exe
Size

2.5MB
Sample

230126-a9skxabf25
MD5

49884eec4a8dcafe6d2993865154cdf4
SHA1

8b801c2d83b7602d350734bc3de5de7b9df73436
SHA256

d060ee3029a154a6fba6ed666ee5fafb2c8ee019dcfde0819f8aa24392b6e944
SHA512

052a2b2706168351060dbd8c725be3cdd4659ee79ea78daaa61674218145ea2e016e8e0100f27aadd0b79ebb46e51d2eca4bc103ca2a4723c50ac7063c745af0
SSDEEP

49152:V2+9WCvHTdprm74MntR2XTw5lKX0Zu04iXgIHuxCt8DccbasI:V2p2Td9mVtR2XTol80Zu04iXgHI8DM

Score

10^/10

purecrypter discovery downloader loader spyware

Static task

static1

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win7-20220812-en

purecrypter downloader loader

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Setup.exe

Resource

win10v2004-20220812-en

discovery spyware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  Setup.exe
- Size
  
  2.5MB
- MD5
  
  49884eec4a8dcafe6d2993865154cdf4
- SHA1
  
  8b801c2d83b7602d350734bc3de5de7b9df73436
- SHA256
  
  d060ee3029a154a6fba6ed666ee5fafb2c8ee019dcfde0819f8aa24392b6e944
- SHA512
  
  052a2b2706168351060dbd8c725be3cdd4659ee79ea78daaa61674218145ea2e016e8e0100f27aadd0b79ebb46e51d2eca4bc103ca2a4723c50ac7063c745af0
- SSDEEP
  
  49152:V2+9WCvHTdprm74MntR2XTw5lKX0Zu04iXgIHuxCt8DccbasI:V2p2Td9mVtR2XTol80Zu04iXgHI8DM
Score

10^/10

purecrypter downloader loader discovery spyware
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloader

behavioral2

discoveryspyware

© 2018-2024

Terms | Privacy