purecrypter

General

Target

Os_Editorx64_win7-8-10-11.exe
Size

319.0MB
Sample

230130-yyszaseb6v
MD5

cfc67715228aeff0bb92357d11bc3ce7
SHA1

f8b664c669dcf720a33630462c6eaad31c415fd4
SHA256

48a2f6dab127b5f79ca8293a19f14ffafabd0491e4a570b94b8a52807af5bcb2
SHA512

cc21566a400002c6746c4519bae1a54def69bfbbf290bacee783b8c28687ba09973bd5c0063694b02df152a392b6273d243760397796a74b6ce33c8b4593f796
SSDEEP

49152:QHuWBLVl5J4EUknv4QjU/5f5gB0dDKoXQo5xbhsJ8klAKjJWWnwn87fHhTjUNjHZ:QOUggv4QjsLzVKop85doKS87K5

Score

10^/10

Malware Config

Extracted

Family

vidar

Version

2.2

Botnet

837

C2

https://t.me/litlebey

https://steamcommunity.com/profiles/76561199472399815

Attributes

profile_id
837

Targets

- Target
  
  Os_Editorx64_win7-8-10-11.exe
- Size
  
  319.0MB
- MD5
  
  cfc67715228aeff0bb92357d11bc3ce7
- SHA1
  
  f8b664c669dcf720a33630462c6eaad31c415fd4
- SHA256
  
  48a2f6dab127b5f79ca8293a19f14ffafabd0491e4a570b94b8a52807af5bcb2
- SHA512
  
  cc21566a400002c6746c4519bae1a54def69bfbbf290bacee783b8c28687ba09973bd5c0063694b02df152a392b6273d243760397796a74b6ce33c8b4593f796
- SSDEEP
  
  49152:QHuWBLVl5J4EUknv4QjU/5f5gB0dDKoXQo5xbhsJ8klAKjJWWnwn87fHhTjUNjHZ:QOUggv4QjsLzVKop85doKS87K5
Score

10^/10

purecrypter vidar 837 downloader loader stealer discovery spyware
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3

T1081

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

3

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect PureCrypter injector

Vidar

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Accesses 2FA software files, possible credential harvesting

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2