General

  • Target

    c8c503cad1ff92d608501ae76a4e9b6947580cf686d8867e8f060e37c1a1618a

  • Size

    2.9MB

  • Sample

    230127-rm2nqsbf22

  • MD5

    44622abb2bd17b2c4734318dc5de7f6a

  • SHA1

    c9d2392a4660759b72bda955a76c4ffd198b4383

  • SHA256

    c8c503cad1ff92d608501ae76a4e9b6947580cf686d8867e8f060e37c1a1618a

  • SHA512

    158f90bc5ab6727a4b0dc63567b1a1375feb4d9e5afe83aa63d0c1c91f11445d04a44f87e34566c513ec221538f4c4c281db323c325fe9a8513ce394465f5784

  • SSDEEP

    49152:6aZXhxYiUWQ6ZMPFuqY6hYFJqlveNDhPpg5PvKM6E+mqp1p1KoHzx:jZRyiRQ6ZSuqXhcBNWXKBmqpj1bzx

Malware Config

Targets

    • Detect PureCrypter injector

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 1

  • Command and Control

    Web Service (T1102): 1

Tasks