purecrypter | 58b233a73b4f72cfba99e0ea154ddf515b5e80f9945984b1945ad87e7f4d2b1b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

58b233a73b4f72cfba99e0ea154ddf515b5e80f9945984b1945ad87e7f4d2b1b
Size

9.0MB
Sample

230130-km9wsahg57
MD5

f9a79453e1615bf88d65200399344e84
SHA1

e06a0db85ed218d9676c76aded4e2cfe96241b88
SHA256

58b233a73b4f72cfba99e0ea154ddf515b5e80f9945984b1945ad87e7f4d2b1b
SHA512

f527ab715e068e48ed2134c1a3933ff11b69bb15f3e1c1b70a5e1f8cd19edf8025bab733813de93667e8427c5fa894134c53f91a7462029e2bf70b37aed4ae96
SSDEEP

96:K4Z26fQ8osOtUBZVzTMs1hmRxPYK8vZLZoQ+QKGkxxNezNt1:JbtoBmhTMqEv6SQKrx4T

Score

10^/10

purecrypter downloader loader spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

58b233a73b4f72cfba99e0ea154ddf515b5e80f9945984b1945ad87e7f4d2b1b.exe

Resource

win10v2004-20221111-en

purecrypter downloader loader spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.sfivegroupe.com
Port:
587
Username:
malika.baraitame@sfivegroupe.com
Password:
S8YVh~75ZPC

Extracted

Family

purecrypter

C2

http://justnormalsite.ddns.net/SystemEnv/uploads/newsoftware-tester_Uxqnkxde.bmp

Targets

- Target
  
  58b233a73b4f72cfba99e0ea154ddf515b5e80f9945984b1945ad87e7f4d2b1b
- Size
  
  9.0MB
- MD5
  
  f9a79453e1615bf88d65200399344e84
- SHA1
  
  e06a0db85ed218d9676c76aded4e2cfe96241b88
- SHA256
  
  58b233a73b4f72cfba99e0ea154ddf515b5e80f9945984b1945ad87e7f4d2b1b
- SHA512
  
  f527ab715e068e48ed2134c1a3933ff11b69bb15f3e1c1b70a5e1f8cd19edf8025bab733813de93667e8427c5fa894134c53f91a7462029e2bf70b37aed4ae96
- SSDEEP
  
  96:K4Z26fQ8osOtUBZVzTMs1hmRxPYK8vZLZoQ+QKGkxxNezNt1:JbtoBmhTMqEv6SQKrx4T
Score

10^/10

purecrypter downloader loader spyware stealer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloaderspywarestealer

© 2018-2024

Terms | Privacy