General

  • Target

    blender-3.4.1-windows-x64.zip

  • Size

    37.7MB

  • Sample

    230202-l95q1sfg53

  • MD5

    f6eb7c2454d338a9091d5fc6587697c5

  • SHA1

    ee34e99ef60332991e674f97a06646cd339b8a26

  • SHA256

    c86bf5719eb23f11675b17c37e43e0c0a76af143ff1e2dce815037ef8ecb9a42

  • SHA512

    7f879c01f9f23a288bdeacdac0aa6c4ba2ebb3cdfc70e344ad9d1f44c4e8fa1ef044f1ab9db32a043c699e03120611c5e33d49033a7c26d89293ec69ee6220c8

  • SSDEEP

    786432:Edn8DPEUWeuUsHjk1eEZAY4oMKWD89BUxUxN:EdmnHsHAxZAHKWI9BYUD

Malware Config

Targets

    • Target

      blender-3.4.1-windows-x64.exe

    • Size

      683.8MB

    • MD5

      aedf8960317a0effcd89c5d816137067

    • SHA1

      4e074a8e180a9d3248f5fceadf28ea4f7146b33e

    • SHA256

      eeaaa0e20ba43f13e0b62862979abe7f50bb558a812fc4aa729e946fdbe54e98

    • SHA512

      f1e7d861e01ebcc69cad9cceee712885ef1739a84923787bfe7d9e5e9e108b2721b2a1e916e4a33fa947ac84ed6010c1d32fdf0091b3a9ca7f34738a6be6981a

    • SSDEEP

      3072:mcqqdOyJocZB0O7i4Cg3DILI48p8ERDuwBbEUA:T/dOyJovrg3/ppDuwBYU

    • Detect PureCrypter injector

    • Modifies WinLogon for persistence

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • UAC bypass

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Winlogon Helper DLL (T1004): 1

  • Privilege Escalation

    Bypass User Account Control (T1088): 1

  • Defense Evasion

    Modify Registry (T1112): 2

    Bypass User Account Control (T1088): 1

    Disabling Security Tools (T1089): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

Tasks