purecrypter | 03541b2cf3bf022eda584b9ead6b6edeb7a47e8ccaa99b2415ee56694c9868cb | Triage

Sharing

General

Target

03541b2cf3bf022eda584b9ead6b6edeb7a47e8ccaa99b2415ee56694c9868cb
Size

2.7MB
Sample

230201-ngk71sda49
MD5

21605edd439a91f69b7c2584413ae3f5
SHA1

76353ff45df865cee24b8802c2332c8f07590df6
SHA256

03541b2cf3bf022eda584b9ead6b6edeb7a47e8ccaa99b2415ee56694c9868cb
SHA512

df4248687d7a92389a3aab90dd0ccc8ea7236e8b71555bd835c33816a6e27b9a147d10fe693b57a693698c0d7c3fdbd99a3587cbfba08929c0d0fc4f34efb128
SSDEEP

49152:Q61jlIn2e7zgWTSOa7Q4hVBP35NxVg1DHeTz0CTssEORTdQRYdN+1rHzE42i9:Q6FynB7JTSOWBBNxVg1zen0CLEOhdQTl

Score

10^/10

purecrypter remcos nigeria downloader loader rat

Malware Config

Extracted

Family

remcos

Botnet

nigeria

C2

198.46.173.141:50482

198.46.173.141:50484

Attributes

audio_folder
MicRecords
audio_record_time
5
connect_delay
0
connect_interval
1
copy_file
remcos.exe
copy_folder
Remcos
delete_file
false
hide_file
false
hide_keylog_file
false
install_flag
false
keylog_crypt
false
keylog_file
logs.dat
keylog_flag
false
keylog_folder
remcos
mouse_option
false
mutex
Rmc-6CYNGG
screenshot_crypt
false
screenshot_flag
false
screenshot_folder
Screenshots
screenshot_path
%AppData%
screenshot_time
10
startup_value
Remcos
take_screenshot_option
false
take_screenshot_time
5

Targets

- Target
  
  03541b2cf3bf022eda584b9ead6b6edeb7a47e8ccaa99b2415ee56694c9868cb
- Size
  
  2.7MB
- MD5
  
  21605edd439a91f69b7c2584413ae3f5
- SHA1
  
  76353ff45df865cee24b8802c2332c8f07590df6
- SHA256
  
  03541b2cf3bf022eda584b9ead6b6edeb7a47e8ccaa99b2415ee56694c9868cb
- SHA512
  
  df4248687d7a92389a3aab90dd0ccc8ea7236e8b71555bd835c33816a6e27b9a147d10fe693b57a693698c0d7c3fdbd99a3587cbfba08929c0d0fc4f34efb128
- SSDEEP
  
  49152:Q61jlIn2e7zgWTSOa7Q4hVBP35NxVg1DHeTz0CTssEORTdQRYdN+1rHzE42i9:Q6FynB7JTSOWBBNxVg1zen0CLEOhdQTl
Score

10^/10

purecrypter remcos nigeria downloader loader rat
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Remcos
  Remcos is a closed-source remote control and surveillance software.
  rat remcos
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterremcosnigeriadownloaderloaderrat