purecrypter | d0b7c72da05449ada1b7a75b481989922f634b33e5bc1648b837698853abb8f5 | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

41KB
Sample

230128-rlbe6age9z
MD5

9fc2e4d640bbce8bc3fa4a6f0f01984d
SHA1

52c52532478b1f07e9c74dcd3923a0f23d24406a
SHA256

d0b7c72da05449ada1b7a75b481989922f634b33e5bc1648b837698853abb8f5
SHA512

533bbbeafb0714a5781056d416b61446f7c2075b0d2e5286a96c00393d4499e95dd48853615b4918aba8b95aa0c0e7849a12a521a0f7d202661b39c9e385c4c4
SSDEEP

768:Af/0u9flwYtttWtYtYBtYtxqGGGGGGGGHGGGGGGGGGGGGGGGGGGGGGGGGGGGGUut:E3uGGGGGGGGHGGGGGGGGGGGGGGGGGGG

Score

10^/10

purecrypter xmrig downloader loader miner persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20221111-en

purecrypter xmrig downloader loader miner persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220812-en

purecrypter xmrig downloader loader miner persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://163.123.142.210/Cjhgcjqheh.png

Targets

- Target
  
  tmp
- Size
  
  41KB
- MD5
  
  9fc2e4d640bbce8bc3fa4a6f0f01984d
- SHA1
  
  52c52532478b1f07e9c74dcd3923a0f23d24406a
- SHA256
  
  d0b7c72da05449ada1b7a75b481989922f634b33e5bc1648b837698853abb8f5
- SHA512
  
  533bbbeafb0714a5781056d416b61446f7c2075b0d2e5286a96c00393d4499e95dd48853615b4918aba8b95aa0c0e7849a12a521a0f7d202661b39c9e385c4c4
- SSDEEP
  
  768:Af/0u9flwYtttWtYtYBtYtxqGGGGGGGGHGGGGGGGGGGGGGGGGGGGGGGGGGGGGUut:E3uGGGGGGGGHGGGGGGGGGGGGGGGGGGG
Score

10^/10

purecrypter xmrig downloader loader miner persistence
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purecrypterxmrigdownloaderloaderminerpersistence

behavioral2

purecrypterxmrigdownloaderloaderminerpersistence

© 2018-2024

Terms | Privacy