General
-
Target
7f98f49b5c7c21fa388f00acff0f37bd.exe
-
Size
7KB
-
Sample
230127-rj1l9sbe72
-
MD5
7f98f49b5c7c21fa388f00acff0f37bd
-
SHA1
8c3c26d459069cf012d3b301e9349730dd262b6c
-
SHA256
d9a6784d3b2bad93ddeeed54bfa5897b58d8f156172b307701b95e19a4fd3c7c
-
SHA512
69322d61a7d7068418aaee919e6cb2983e6060ccc6c1f7afb69407d49be59462a98a5dcadc0689484b5c41ed9aaa7294653c6873828ad3e374776090a9055064
-
SSDEEP
96:ymITl1KYgrxmJZVqPjTLosmiZ0RxqRvD8phOx6kqOazZSOzNt:ymIpBgmJZVqPr7miZ0yp8hOxH+zoI
Malware Config
Targets
-
-
Target
7f98f49b5c7c21fa388f00acff0f37bd.exe
-
Size
7KB
-
MD5
7f98f49b5c7c21fa388f00acff0f37bd
-
SHA1
8c3c26d459069cf012d3b301e9349730dd262b6c
-
SHA256
d9a6784d3b2bad93ddeeed54bfa5897b58d8f156172b307701b95e19a4fd3c7c
-
SHA512
69322d61a7d7068418aaee919e6cb2983e6060ccc6c1f7afb69407d49be59462a98a5dcadc0689484b5c41ed9aaa7294653c6873828ad3e374776090a9055064
-
SSDEEP
96:ymITl1KYgrxmJZVqPjTLosmiZ0RxqRvD8phOx6kqOazZSOzNt:ymIpBgmJZVqPr7miZ0yp8hOxH+zoI
Score10/10-
Detect PureCrypter injector
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-