purecrypter | a0a8abebf8f15ff4162fb6ead5b86f41e3c271fa9639a184f14112bc8185fd72 | Triage

Submit
Reports

Overview

overview

Static

static

1

CRM_chat/C...er.exe

windows10-2004-x64

Sharing

General

Target

CRM_chat.zip
Size

9.0MB
Sample

230203-qknhnafe37
MD5

b55379b0ea0eb57101dc608c2b1bc560
SHA1

0291988eae17b9ef91baee29d4d39f4760ec86e8
SHA256

a0a8abebf8f15ff4162fb6ead5b86f41e3c271fa9639a184f14112bc8185fd72
SHA512

86df1a19193bfb6bc1be98c79d368daa450d9b9e0da4fd8506e898ba4eb8d372da536a25c1a54760875a80397e81df1bf3dbafc0afc6e96641c7e721384de143
SSDEEP

196608:jcK1G2iHhE+i4mL9dvpzk09y4TN/zSwIUY8oCAD66ot:4CG2INFCdxzk6TNmwIUYbler

Score

10^/10

purecrypter downloader loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

CRM_chat/CRM_chat_laucnher.exe

Resource

win10v2004-20220812-en

purecrypter downloader loader persistence

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

https://knickglobal.com/wp-admin/images/css/design/fabric/bo/Odcny.dll

Targets

- Target
  
  CRM_chat/CRM_chat_laucnher.exe
- Size
  
  677.7MB
- MD5
  
  e0e15d15df5f199a4a598179ef38efc4
- SHA1
  
  c8f9954db05274eb0efc97a9bc6d062abba4bbbe
- SHA256
  
  8a1e48fb5bdf53c3ad86c7c2adaacfce682c6088b00af99558601e7cd1e08766
- SHA512
  
  59f03df492b6b93ecf97361e34eeae6f17e25dc3cc348667a72c87e56e65bebb1fbd6a20c7c9fc92e6f30bd73ecae3f5b71c8884837785208d54d8c13600d56b
- SSDEEP
  
  1536:Krae78zjORCDGwfdCSog01313Vs5gChkD7OMYVG:CahKyd2n31S5veOK
Score

10^/10

purecrypter downloader loader persistence
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloaderpersistence

© 2018-2024

Terms | Privacy