General
-
Target
Setup.exe
-
Size
7.2MB
-
Sample
230130-ym4lnace56
-
MD5
71dc24eb7b90f77d23df59af068c3ed6
-
SHA1
d0e6ce2cfd2dd0cdd988c9981b4f901fe5ac51af
-
SHA256
cbfca62676f5f4653e7151e00a3fabc91fae98e1c8beab6b2e05eb79cd3b342d
-
SHA512
eef19afa6bd3b970d3ba696cf5453ac9d0118088239fef1e0e63692f8adc3d76058bd6dc757dc924bc6db476ec3d272ec11c7ca95e718a5057b071df19cf5812
-
SSDEEP
98304:Es1DgtKt0M154pX1M0gF9OtfXJroEBV5FL0BsS4HJG+V5Os+vE9zK2SCmBhg:0k54fmotPxoI++nOv8ICmBhg
Malware Config
Targets
-
-
Target
Setup.exe
-
Size
7.2MB
-
MD5
71dc24eb7b90f77d23df59af068c3ed6
-
SHA1
d0e6ce2cfd2dd0cdd988c9981b4f901fe5ac51af
-
SHA256
cbfca62676f5f4653e7151e00a3fabc91fae98e1c8beab6b2e05eb79cd3b342d
-
SHA512
eef19afa6bd3b970d3ba696cf5453ac9d0118088239fef1e0e63692f8adc3d76058bd6dc757dc924bc6db476ec3d272ec11c7ca95e718a5057b071df19cf5812
-
SSDEEP
98304:Es1DgtKt0M154pX1M0gF9OtfXJroEBV5FL0BsS4HJG+V5Os+vE9zK2SCmBhg:0k54fmotPxoI++nOv8ICmBhg
Score10/10-
Detect PureCrypter injector
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-