purecrypter | f0a3884252d20ae26d34a40eb5cf36d9a23e67b97483b6d629ed2af9c14bc15c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

f0a3884252d20ae26d34a40eb5cf36d9a23e67b97483b6d629ed2af9c14bc15c
Size

171KB
Sample

230128-1z76qaab7y
MD5

b03be47e520c23653d2a5a66739fc4ec
SHA1

b89f4fa4580940423eae86a9c55153be53aa7f3b
SHA256

f0a3884252d20ae26d34a40eb5cf36d9a23e67b97483b6d629ed2af9c14bc15c
SHA512

ee447840ce138bb0a0abcb95183dc1d5a66ff97e2b6152a85cdc69117590b3f491176c779d33ce209aa8bd650268f604d11f7238d7389b5256d2fa114809aa10
SSDEEP

1536:Od5c9URWzKr7PhuuUpV7+5JTiy95UuUCQahsf5mZIWiwwr7QXsouW2ASDDA6rRct:Od5pWaxa7Dy956S2j4xnsvXtPdSaex

Score

10^/10

purecrypter xmrig downloader loader miner persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f0a3884252d20ae26d34a40eb5cf36d9a23e67b97483b6d629ed2af9c14bc15c.exe

Resource

win10v2004-20221111-en

purecrypter xmrig downloader loader miner persistence

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://185.106.94.146/Kmhyc.png

Targets

- Target
  
  f0a3884252d20ae26d34a40eb5cf36d9a23e67b97483b6d629ed2af9c14bc15c
- Size
  
  171KB
- MD5
  
  b03be47e520c23653d2a5a66739fc4ec
- SHA1
  
  b89f4fa4580940423eae86a9c55153be53aa7f3b
- SHA256
  
  f0a3884252d20ae26d34a40eb5cf36d9a23e67b97483b6d629ed2af9c14bc15c
- SHA512
  
  ee447840ce138bb0a0abcb95183dc1d5a66ff97e2b6152a85cdc69117590b3f491176c779d33ce209aa8bd650268f604d11f7238d7389b5256d2fa114809aa10
- SSDEEP
  
  1536:Od5c9URWzKr7PhuuUpV7+5JTiy95UuUCQahsf5mZIWiwwr7QXsouW2ASDDA6rRct:Od5pWaxa7Dy956S2j4xnsvXtPdSaex
Score

10^/10

purecrypter xmrig downloader loader miner persistence
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

purecrypterxmrigdownloaderloaderminerpersistence

© 2018-2024

Terms | Privacy