purecrypter | 25ffdf6075db2fc329aa4f3d2a9047d166fbf07fa8701a1638939b016d5e3abf | Triage

Sharing

General

Target

Setup_EN_x64.zip
Size

8.7MB
Sample

230131-zeqv9scb8t
MD5

ae308f389de6315d97a8de86bb9e5aad
SHA1

4b893c8229b3916f1742edde637b58766fa651be
SHA256

25ffdf6075db2fc329aa4f3d2a9047d166fbf07fa8701a1638939b016d5e3abf
SHA512

35ad6a406b067c5a6615e1742041d8c9c9fbf47acb493f4f5539b97db613a8d5f43e3277d7a1c4d7c3304c4642a53386f63701fc5e8af2f064d790aef8c838bd
SSDEEP

196608:KxOi3d9hMqMbfOoDaTljV2kS7hEZvBRIcA0B51tGeVogxdB:LsZPMbfVWl52k9RIc7B510i3

Score

10^/10

purecrypter downloader loader persistence

Malware Config

Extracted

Family

purecrypter

C2

https://megalinkbj.com.br/images/img/css/www/soul/Bshya.jpeg

Targets

- Target
  
  Setup_EN_x64/Setup_EN_x64.exe
- Size
  
  668.1MB
- MD5
  
  c855ebd5e59f490e592b6bc98df70938
- SHA1
  
  669be82147efa583d3fde3d0276bc875f8337b3b
- SHA256
  
  e8578df32e15e3018c1417f1d6ff2c041a996d3a6a92d1fc96edef2c90e72c22
- SHA512
  
  864bc590f6f317cdfbc2fe31b861b7b6eecd8f6bca6751ea1a750f668591e1dc2fdced683dcab2fa65856f3d9e910edcc0cb057b3c450ccfd6c3099f354b22ce
- SSDEEP
  
  1536:PI47GyTGCwiSnmQUt0LB16ULs5gUnujkqkSZZZ3gdtibBmbyoYPQSwH:PvGyYiSDnt16f5HnujSUlbMylPA
Score

10^/10

purecrypter downloader loader persistence
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloaderpersistence

behavioral2

purecrypterdownloaderloaderpersistence