purecrypter | 1c1198c6de9cf636d4dc103add73a59ba3101ae38954f20f0ec6ed9b8c563dbd | Triage

Submit
Reports

Overview

overview

Static

static

Acwpn.exe

windows7-x64

Acwpn.exe

windows10-2004-x64

7

Sharing

General

Target

Acwpn.exe
Size

7KB
Sample

230201-rt6w2abh9x
MD5

5828f5213c4721e4118b3e57388ff2a5
SHA1

6737cd48c485ed00f64d56f2996cb0a4b3e16db8
SHA256

1c1198c6de9cf636d4dc103add73a59ba3101ae38954f20f0ec6ed9b8c563dbd
SHA512

e90cc6a7debeb334a5569f0a69c3b1ef16d8a1b43ef3decc10bff8ae0e510e3e4d3ae8ca838fd4bc090aaece07c6ae0ab5a38f27aaff86e17e322b3e290cf428
SSDEEP

96:wUUIQg0soU3QSQKCJdsYB3TtmXdtEkdpBxNbFnU:wUUIPDQdsYF0tzbHk

Score

10^/10

purecrypter collection downloader loader

Static task

static1

Behavioral task

behavioral1

Sample

Acwpn.exe

Resource

win7-20221111-en

purecrypter collection downloader loader

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Acwpn.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Acwpn.exe
- Size
  
  7KB
- MD5
  
  5828f5213c4721e4118b3e57388ff2a5
- SHA1
  
  6737cd48c485ed00f64d56f2996cb0a4b3e16db8
- SHA256
  
  1c1198c6de9cf636d4dc103add73a59ba3101ae38954f20f0ec6ed9b8c563dbd
- SHA512
  
  e90cc6a7debeb334a5569f0a69c3b1ef16d8a1b43ef3decc10bff8ae0e510e3e4d3ae8ca838fd4bc090aaece07c6ae0ab5a38f27aaff86e17e322b3e290cf428
- SSDEEP
  
  96:wUUIQg0soU3QSQKCJdsYB3TtmXdtEkdpBxNbFnU:wUUIPDQdsYF0tzbHk
Score

10^/10

purecrypter collection downloader loader
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purecryptercollectiondownloaderloader

behavioral2

© 2018-2024

Terms | Privacy