General

  • Target

    6ad71236a8807687b670fe635f799ad2f811d88e9f7d8075d3df4cafeb1cbd45

  • Size

    171KB

  • Sample

    230131-tv528sah7s

  • MD5

    97570f2445b1ecd08dd0619717c2a3eb

  • SHA1

    321697b118fed0d76d6ad87ddbcedce34e00b641

  • SHA256

    6ad71236a8807687b670fe635f799ad2f811d88e9f7d8075d3df4cafeb1cbd45

  • SHA512

    a06b7858a1c60f7d61c5629a84a00fba8f8a4d07ac780f597d0303c921b5c5df1371bf476f4a3456460ffb76b7c13516e6eba7775c638d060116d319ed8b962d

  • SSDEEP

    1536:oyj17c9URWzKr7PhuuUpV7+5JTiy95UuUCQahsf5mZIWiwwr7QXsouW2ASDDA6rQ:9j17pWaxa7Dy956S2j4xnsvXtPdSae1

Malware Config

Extracted

  • Family

    purecrypter

  • C2

    http://163.123.142.210/Dzsifrcw.dll

Targets

    • Detect PureCrypter injector

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    System Information Discovery (T1082): 1

  • Command and Control

    Web Service (T1102): 1

Tasks