General
Target: Installer_1.0.8_win64_86-setup+manual.zip
Size: 37.8MB
Sample: 230126-gvnfzaea9z
MD5: a03919d6a215eb54b63b675849945d29
SHA1: 1f7942e75ca8a56b519f085eb2ad692b3a9469b5
SHA256: ae80e5dd014bf7859015c477e29616e6499c765552de0b95d38e8160b5515fb2
SHA512: 2e0b58547394a974679a6dface04f9285fd4f59f6257d105ec0d5cb6c62fd99f7e66209008379a1d4928530441bef86f193df463aadf76b2968c6499ad7dab05
SSDEEP: 786432:vr3VcA99oTuuzEatHxaasaL9N/nXGSrPYFDkDTTa4:vr3ai9oxNUarG0wyTTa4

Static task
static1

Behavioral task
behavioral1
Sample: Installer_1.0.8_win64_86-setup+manual/About/PowerShellExecutionPolicy.admx
Resource: win7-20220812-en

Behavioral task
behavioral2
Sample: Installer_1.0.8_win64_86-setup+manual/About/PowerShellExecutionPolicy.admx
Resource: win10v2004-20220812-en

Behavioral task
behavioral3
Sample: Installer_1.0.8_win64_86-setup+manual/Setup.exe
Resource: win7-20220812-en

Malware Config

Targets

Target: Installer_1.0.8_win64_86-setup+manual/About/PowerShellExecutionPolicy.admx
Size: 4KB
MD5: cf3a6940f87d0a1b53a99e3e205066c9
SHA1: 29c3d8ca609a60358f958b6036e225ab18423558
SHA256: 04bb49c481891cded0c411626070851ef30b21c61d2e8d8d5475604662f0e518
SHA512: 7805f940621a91353cd5de0d49720bb829d1bfe9df0127e1af98c030d94c5e18fd7229ee392e28ba1edf745b06ce6339071020a316541b1f64842da60fa3bf29
SSDEEP: 96:5yGMFLoQKnKeg56bc/GwFb1E+N/GwBC1eHK/GwnMa1K0z/GwAeFACc1Ed/GwUx3:whL7GcJFb1NJoSKJnMaHzJAemEdJUx3
Score: 3/10

Target: Installer_1.0.8_win64_86-setup+manual/Setup.exe
Size: 686.1MB
MD5: d8dc5a67c3749704c5b4be34b233a788
SHA1: 8fe3cbba1bf42d9ae8a1e76960ca10d50ce71172
SHA256: 0a6bfeeb983db4a588d699805b53af3e6a6cd67920117fc36fde1fe84a8794ed
SHA512: ae78cb2cf9af9bc7aad3b7e1d2ab4a541fc513db8d4b3a17f0ce93a910f72ba02d28db51b592da5d6ea11e3e4b777b09a26ad21f1a7720f8ce1aa3d0bb915f1d
SSDEEP: 49152:V2+9WCvHTdprm74MntR2XTw5lKX0Zu04iXgIHuxCt8DccbasI:V2p2Td9mVtR2XTol80Zu04iXgHI8DM

- Detect PureCrypter injector
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
- Downloads MZ/PE file
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext