General
-
Target
Product presentation.exe
-
Size
1.2MB
-
Sample
230202-rrt5fsee65
-
MD5
d81ed82ea53f8e56bb98eaaef98f4d80
-
SHA1
01d76f1b404b125a7b8bf3f3829101124965ad9a
-
SHA256
f90d2b7322438acc8decf28392f29916b9b87ce99072f867d3e278ce6fc295fb
-
SHA512
49b6b1306d27cf347673c2e8641ea377a941b0f2689e648130fe28fbc7e519a8744b61a9d2635c800c2074af148ff41d6bc2093aa1b73e98670a7aab135f6a3f
-
SSDEEP
24576:QpbnahUHVL9XoveLj48xCbGmx31VprkdhVKfhoyNDjgGKySlXYrZSD:QpuKHXLU8kb11/JeyNDjgxySeZSD
Malware Config
Targets
-
-
Target
Product presentation.exe
-
Size
1.2MB
-
MD5
d81ed82ea53f8e56bb98eaaef98f4d80
-
SHA1
01d76f1b404b125a7b8bf3f3829101124965ad9a
-
SHA256
f90d2b7322438acc8decf28392f29916b9b87ce99072f867d3e278ce6fc295fb
-
SHA512
49b6b1306d27cf347673c2e8641ea377a941b0f2689e648130fe28fbc7e519a8744b61a9d2635c800c2074af148ff41d6bc2093aa1b73e98670a7aab135f6a3f
-
SSDEEP
24576:QpbnahUHVL9XoveLj48xCbGmx31VprkdhVKfhoyNDjgGKySlXYrZSD:QpuKHXLU8kb11/JeyNDjgxySeZSD
Score10/10-
Detect PureCrypter injector
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-