purecrypter | e5a5e82935acb5bf1706cd0e04a9bee5b0d995c4bf19ee3c363ceb9e6855ecab | Triage

Sharing

General

Target

a3a1f1bee14b0e117ca9698ca7d4a964.exe
Size

2.7MB
Sample

230201-r5vyxaca71
MD5

a3a1f1bee14b0e117ca9698ca7d4a964
SHA1

c69838ade96ae8c914093516975929b84a86f098
SHA256

e5a5e82935acb5bf1706cd0e04a9bee5b0d995c4bf19ee3c363ceb9e6855ecab
SHA512

deaba5ffd966efaaabb864ac5886ebbb1c45f5286fb9a1897338d6fb6dcd733cd2f76ac769ca6795d3f7d1122c349879a339de1f8af9391853f3e2d448950773
SSDEEP

49152:dKfd3LCcCAwvevqw6m4OHoP45KBNu20Rt3CNuiO:ed3m06m4OIP45wN10Ro+

Score

10^/10

purecrypter downloader loader persistence

Malware Config

Targets

- Target
  
  a3a1f1bee14b0e117ca9698ca7d4a964.exe
- Size
  
  2.7MB
- MD5
  
  a3a1f1bee14b0e117ca9698ca7d4a964
- SHA1
  
  c69838ade96ae8c914093516975929b84a86f098
- SHA256
  
  e5a5e82935acb5bf1706cd0e04a9bee5b0d995c4bf19ee3c363ceb9e6855ecab
- SHA512
  
  deaba5ffd966efaaabb864ac5886ebbb1c45f5286fb9a1897338d6fb6dcd733cd2f76ac769ca6795d3f7d1122c349879a339de1f8af9391853f3e2d448950773
- SSDEEP
  
  49152:dKfd3LCcCAwvevqw6m4OHoP45KBNu20Rt3CNuiO:ed3m06m4OIP45wN10Ro+
Score

10^/10

purecrypter downloader loader persistence
- Detect PureCrypter injector
  loader
- Modifies WinLogon for persistence
  persistence
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloaderpersistence

behavioral2