General
-
Target
tmp
-
Size
41KB
-
Sample
230128-rlbe6age9z
-
MD5
9fc2e4d640bbce8bc3fa4a6f0f01984d
-
SHA1
52c52532478b1f07e9c74dcd3923a0f23d24406a
-
SHA256
d0b7c72da05449ada1b7a75b481989922f634b33e5bc1648b837698853abb8f5
-
SHA512
533bbbeafb0714a5781056d416b61446f7c2075b0d2e5286a96c00393d4499e95dd48853615b4918aba8b95aa0c0e7849a12a521a0f7d202661b39c9e385c4c4
-
SSDEEP
768:Af/0u9flwYtttWtYtYBtYtxqGGGGGGGGHGGGGGGGGGGGGGGGGGGGGGGGGGGGGUut:E3uGGGGGGGGHGGGGGGGGGGGGGGGGGGG
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
purecrypter
http://163.123.142.210/Cjhgcjqheh.png
Targets
-
-
Target
tmp
-
Size
41KB
-
MD5
9fc2e4d640bbce8bc3fa4a6f0f01984d
-
SHA1
52c52532478b1f07e9c74dcd3923a0f23d24406a
-
SHA256
d0b7c72da05449ada1b7a75b481989922f634b33e5bc1648b837698853abb8f5
-
SHA512
533bbbeafb0714a5781056d416b61446f7c2075b0d2e5286a96c00393d4499e95dd48853615b4918aba8b95aa0c0e7849a12a521a0f7d202661b39c9e385c4c4
-
SSDEEP
768:Af/0u9flwYtttWtYtYBtYtxqGGGGGGGGHGGGGGGGGGGGGGGGGGGGGGGGGGGGGUut:E3uGGGGGGGGHGGGGGGGGGGGGGGGGGGG
Score10/10-
Detect PureCrypter injector
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
XMRig Miner payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-