purecrypter | 25292e7c037952bac53038432d60eb4799bcf3b507e88fa1073de7000177bcbd | Triage

Submit
Reports

Overview

overview

Static

static

e3c292ebdf...d1.exe

windows7-x64

e3c292ebdf...d1.exe

windows10-2004-x64

Sharing

General

Target

8911284780.zip
Size

2.6MB
Sample

230130-kfpl9shg42
MD5

082dd127f07976e439e5301773108883
SHA1

72aa15b54a7970323648e7d373067d10e5957d81
SHA256

25292e7c037952bac53038432d60eb4799bcf3b507e88fa1073de7000177bcbd
SHA512

31ccfc5349046b4100da42a3083fc47aa3a81f76aed27c2dedca53c7cfafa8eb84ea14d29ebf1419aff0c3f960304fde5422a10e395c7926fc5aab8de8fc9ada
SSDEEP

49152:Co5ngO60hTI/9+/Ned6NDEsUgs3pIJEIJrKoz46gNJKY6PdBBqLK:CodEN9+Ed6NDEsapIJvJdLY6zBaK

Score

10^/10

purecrypter quasar success downloader loader persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

e3c292ebdfb1ae04e44bcaa6c41c8ad4c6a1c859175df7b64a7bd9fbf01b6fd1.exe

Resource

win7-20220812-en

purecrypter quasar success downloader loader persistence spyware trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

e3c292ebdfb1ae04e44bcaa6c41c8ad4c6a1c859175df7b64a7bd9fbf01b6fd1.exe

Resource

win10v2004-20220812-en

quasar success persistence spyware trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

SUCCESS

C2

41.185.97.216:4782

Mutex

MUTEX_QAxMFzrXWG2cbIHPGK

Attributes

encryption_key
JRUJdiIOmPJ5LlsFaVs9
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
cmd
subdirectory
SubDir

Targets

- Target
  
  e3c292ebdfb1ae04e44bcaa6c41c8ad4c6a1c859175df7b64a7bd9fbf01b6fd1
- Size
  
  2.7MB
- MD5
  
  d587b4883793de72536108a8cb6373ef
- SHA1
  
  716e123537c7df451eff37da69a7747f8f99e3c1
- SHA256
  
  e3c292ebdfb1ae04e44bcaa6c41c8ad4c6a1c859175df7b64a7bd9fbf01b6fd1
- SHA512
  
  4cab1b454d56ced352905425ca0b9bfc3b532dd0a2cb242f02e099eef11892a44c4f89b8e4930f6ac8b31def7c5ddae419df0369de26911ba51be09e46912687
- SSDEEP
  
  49152:Hur58NWGHSN7CNMU7Ptj1oUEQMubc88zCTKRxVjjR8IqSe0HJbYF:Oi1OiMGtqUEQ/g8XGvFj5qSe0HJ
Score

10^/10

purecrypter quasar success downloader loader persistence spyware trojan
- Detect PureCrypter injector
  loader
- Modifies WinLogon for persistence
  persistence
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Winlogon Helper DLL

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterquasarsuccessdownloaderloaderpersistencespywaretrojan

behavioral2

quasarsuccesspersistencespywaretrojan

© 2018-2025

Terms | Privacy