purecrypter | 0ddf7226ac77878f78a73875b0633229368d8e8c28acdd4469d65648d99adfc6 | Triage

Submit
Reports

Overview

overview

Static

static

REVİZE ED...İ.exe

windows7-x64

REVİZE ED...İ.exe

windows10-2004-x64

7

Sharing

General

Target

REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe
Size

7KB
Sample

230127-rcdtxsbe24
MD5

2191219c54b8ae4fd655146a479a2c8c
SHA1

54b26e2cc5328f53acf0ba5be5a8a94da1008190
SHA256

0ddf7226ac77878f78a73875b0633229368d8e8c28acdd4469d65648d99adfc6
SHA512

8b5369c976a31b9a60da34698bcced445f4d561b1908e8b7e883715aa0031e04bafd19ae24b18133bf3816802f1a4fdc90214506dcb258bcc4bdaaec9fffafbb
SSDEEP

96:U/Ef/c/7yFyZ/nOci8cN0mMiUAmBVQttEkXnLFO0bjzNt:QEfkDyFETONB1LmYtzbTR

Score

10^/10

purecrypter collection downloader evasion loader

Static task

static1

Behavioral task

behavioral1

Sample

REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe

Resource

win7-20220812-en

purecrypter collection downloader evasion loader

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe

Resource

win10v2004-20220901-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  REVİZE EDİLMİŞ TEKLİF VE SATIN ALMA EMRİ.exe
- Size
  
  7KB
- MD5
  
  2191219c54b8ae4fd655146a479a2c8c
- SHA1
  
  54b26e2cc5328f53acf0ba5be5a8a94da1008190
- SHA256
  
  0ddf7226ac77878f78a73875b0633229368d8e8c28acdd4469d65648d99adfc6
- SHA512
  
  8b5369c976a31b9a60da34698bcced445f4d561b1908e8b7e883715aa0031e04bafd19ae24b18133bf3816802f1a4fdc90214506dcb258bcc4bdaaec9fffafbb
- SSDEEP
  
  96:U/Ef/c/7yFyZ/nOci8cN0mMiUAmBVQttEkXnLFO0bjzNt:QEfkDyFETONB1LmYtzbTR
Score

10^/10

purecrypter collection downloader evasion loader
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecryptercollectiondownloaderevasionloader

behavioral2

© 2018-2025

Terms | Privacy