General
-
Target
e453ee4e1a1a3c97ebab67171893ae7f.exe
-
Size
2.4MB
-
Sample
230201-te3beacd7z
-
MD5
e453ee4e1a1a3c97ebab67171893ae7f
-
SHA1
b4c24de8784bb530d549ed1df3716f2640e52d79
-
SHA256
f33f2b0823a6b41f1632f5d19ebe4d144375781702b3f7b544c6321937f28161
-
SHA512
d90c6a7b92779478082592af1ff6b378dca8f6469c6a38f4445938ee3b82123a8c578e07392a0f767f76712fa158a9d57988adb4723baccf48724a47fe0921de
-
SSDEEP
49152:bRPs+XkKb9mSewZPhGDcUovKdd+hHHafaQG0:dPD/tFKdd+ZafaZ0
Malware Config
Targets
-
-
Target
e453ee4e1a1a3c97ebab67171893ae7f.exe
-
Size
2.4MB
-
MD5
e453ee4e1a1a3c97ebab67171893ae7f
-
SHA1
b4c24de8784bb530d549ed1df3716f2640e52d79
-
SHA256
f33f2b0823a6b41f1632f5d19ebe4d144375781702b3f7b544c6321937f28161
-
SHA512
d90c6a7b92779478082592af1ff6b378dca8f6469c6a38f4445938ee3b82123a8c578e07392a0f767f76712fa158a9d57988adb4723baccf48724a47fe0921de
-
SSDEEP
49152:bRPs+XkKb9mSewZPhGDcUovKdd+hHHafaQG0:dPD/tFKdd+ZafaZ0
Score10/10-
Detect PureCrypter injector
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-