Extracted

• • Target

    msys2-x86_64-20221028.exe

  • Size

    677.7MB

  • MD5

    29eca627d9b7570ec48495e4af0f9423

  • SHA1

    18c8d00ba107908f344a34b39169d09db04aea7a

  • SHA256

    38f419b6ea086c7b10616650ab4892512c54612ef76313fb3b4603b6b1c5413c

  • SHA512

    7a89e39ee2b391d80dd0a9892b54f7eaf1454818fc1813c71beae7e7d8736462ee98c84c03c2a669b1a3aa29c7600a581232e659412ebf63ba560b2d1a1b0845

  • SSDEEP

    3072:2ahKyd2n31f5pQMCLMe4c6l19ipQ9pCFVkAKnKV0lXxii:2ahO6Vd2Xiy9pOdOx

  Score

  10^/10

  purecrypterdownloaderloaderpersistencenetsupportratupx

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2