purecrypter | 97bfa0bd9f3b382280f67839c650a3d7be16aa31f124810f3a9b9559e34619c6 | Triage

Submit
Reports

Overview

overview

Static

static

Lcovlccdxd.exe

windows7-x64

Lcovlccdxd.exe

windows10-2004-x64

Sharing

General

Target

Lcovlccdxd.exe
Size

1.2MB
Sample

230201-y4nlrsdf9z
MD5

d3713110654dc546bd5edc306a6e7efd
SHA1

db266e554e96098584bcbb29aa2774106a7e90bf
SHA256

97bfa0bd9f3b382280f67839c650a3d7be16aa31f124810f3a9b9559e34619c6
SHA512

35013774da17edf34b0d632766d54a55609d4c68b12da758b26016e5590f349f0a5dd475041cc7dbf02960a67214f9917da34b4c0d7bacdd839865d31fed8de6
SSDEEP

24576:Yw03rS2BK40yMVrs+JBe0pw0H/bap4p16SM7RdkZu3svS/oUfsD:barS2BKOM/JBeYJfFP6SMdd6aRfs

Score

10^/10

purecrypter redline cheat discovery downloader infostealer loader persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Lcovlccdxd.exe

Resource

win7-20221111-en

purecrypter redline cheat discovery downloader infostealer loader persistence spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Lcovlccdxd.exe

Resource

win10v2004-20220812-en

redline cheat discovery infostealer persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

194.26.192.248:7053

Targets

- Target
  
  Lcovlccdxd.exe
- Size
  
  1.2MB
- MD5
  
  d3713110654dc546bd5edc306a6e7efd
- SHA1
  
  db266e554e96098584bcbb29aa2774106a7e90bf
- SHA256
  
  97bfa0bd9f3b382280f67839c650a3d7be16aa31f124810f3a9b9559e34619c6
- SHA512
  
  35013774da17edf34b0d632766d54a55609d4c68b12da758b26016e5590f349f0a5dd475041cc7dbf02960a67214f9917da34b4c0d7bacdd839865d31fed8de6
- SSDEEP
  
  24576:Yw03rS2BK40yMVrs+JBe0pw0H/bap4p16SM7RdkZu3svS/oUfsD:barS2BKOM/JBeYJfFP6SMdd6aRfs
Score

10^/10

purecrypter redline cheat discovery downloader infostealer loader persistence spyware stealer
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purecrypterredlinecheatdiscoverydownloaderinfostealerloaderpersistencespywarestealer

behavioral2

redlinecheatdiscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy