General

  • Target

    tmp

  • Size

    4.1MB

  • Sample

    230128-q9bkdsfb42

  • MD5

    e1668320cc4cade25d81b798190725c1

  • SHA1

    2e260a1b3f1bcd26f00d8d6e850812c740b11d3b

  • SHA256

    0ef43bfbcf7566727359acd6ab88590c1cbcdd25c913e2ea8c111118493f8e7c

  • SHA512

    18060d1e3be8b139863e46b3e77dc5d7e8b7629f0768fbaa1e4090acef065d04f6108036369b7c4b8fff7d1fcd7b74093f787c5d05f15bab38e5a1c4ea7f2242

  • SSDEEP

    98304:yAgqXSO7ZI0UxEcxtGya6JfjUV+2E3Szfj4bCBj4:yVqXTWxV7Jf6DbzrpB

Malware Config

Targets

    • Target

      tmp

    • Size

      4.1MB

    • MD5

      e1668320cc4cade25d81b798190725c1

    • SHA1

      2e260a1b3f1bcd26f00d8d6e850812c740b11d3b

    • SHA256

      0ef43bfbcf7566727359acd6ab88590c1cbcdd25c913e2ea8c111118493f8e7c

    • SHA512

      18060d1e3be8b139863e46b3e77dc5d7e8b7629f0768fbaa1e4090acef065d04f6108036369b7c4b8fff7d1fcd7b74093f787c5d05f15bab38e5a1c4ea7f2242

    • SSDEEP

      98304:yAgqXSO7ZI0UxEcxtGya6JfjUV+2E3Szfj4bCBj4:yVqXTWxV7Jf6DbzrpB

    • Detect PureCrypter injector

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

MITRE ATT&CK Enterprise v6

Tasks