General
-
Target
P0-3325185-dtd-26-01-2023.exe
-
Size
476KB
-
Sample
230126-qc7xbsdf79
-
MD5
abb0f20592407cbc9c1df8d7be759d9a
-
SHA1
ae2354355268cd193d54b4ae3691a31ee8744116
-
SHA256
cd4fd070dbe5909f9e14e9228bc1243c2993e6dd105e91deed3bb3ca53e1f30d
-
SHA512
c8df73077136802c81067c2647707ae34cfb01604557f2a4cdba95d4b14f4f13a8cac38fef882c36d29fa4f08cd90cdaa8e90a38c85b5fa37eae38ca79c153db
-
SSDEEP
3072:p2yWP9LN3qIwBzFyIR+DSbisRKOsHas+8+qB1LuiCx8V8rIiJzQvstptE8z0Y:pNWP9GTsHtZLv8EiFES0
Malware Config
Targets
-
-
Target
P0-3325185-dtd-26-01-2023.exe
-
Size
476KB
-
MD5
abb0f20592407cbc9c1df8d7be759d9a
-
SHA1
ae2354355268cd193d54b4ae3691a31ee8744116
-
SHA256
cd4fd070dbe5909f9e14e9228bc1243c2993e6dd105e91deed3bb3ca53e1f30d
-
SHA512
c8df73077136802c81067c2647707ae34cfb01604557f2a4cdba95d4b14f4f13a8cac38fef882c36d29fa4f08cd90cdaa8e90a38c85b5fa37eae38ca79c153db
-
SSDEEP
3072:p2yWP9LN3qIwBzFyIR+DSbisRKOsHas+8+qB1LuiCx8V8rIiJzQvstptE8z0Y:pNWP9GTsHtZLv8EiFES0
Score10/10-
Detect PureCrypter injector
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-