General
Target: Setup.zip
Size: 10.2MB
Sample: 230203-r5ftzsfg59
MD5: 68b7be335a7aba9c8f2a3b3662de155e
SHA1: 12b597976c601d10f0f38ec2515745a0c0969705
SHA256: c2194401e99bfeeb2f01be021903879abb3b9679d50da5a528619a4bee314d57
SHA512: 01cf13beabc28834cb5e488858c195462c1697dce39d11ed334339f6e84b4e9fa98439ab95584ce6ffca0c342e37ddc1abdb82020936f3619018f5251ed24f45
SSDEEP: 196608:y1fHHu3urHmay7xuATM22sJwLXRrGO+cf7CU0dJnuLxKB0/:K4KG7xRTFrJwLXZCz8M0/
Static task: static1
Behavioral task: behavioral1
Sample: CPU-Z.exe
Resource: win7-20220812-en
Malware Config
Extracted: vidar
2.3
682
http://46.151.26.234:80
profile_id: 682
Targets
Target: CPU-Z.exe
Size: 683.7MB
MD5: 3cdb58d52e9b7c5ca06ff327d8010f9a
SHA1: add127cbecef9f393ae0a40f7c17c84adb5c5b5f
SHA256: 297266aaa8d272f87c66e3ac63e58aa9411718eb75cab08f90ee1c64c099ed94
SHA512: 8fbeaf7c2e0dfbfe0f75f77c8f2e7ab000db07c5b603c9e3f8ac215e23cf5009adf118027589a18665c54431df35454811cc2e4a3ba7af6379723342cf4cbc26
SSDEEP: 1536:tDy0zIjGWZXMig6NCDZq68SVciCz9WkngFSc6gJN+80+3vIDix1oHwJ:E0zAGWzboWiBjNl+8/7x2K
Signatures
Detect PureCrypter injector
PureCrypter: PureCrypter is a .NET malware loader first seen in early 2021.
Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
Deletes itself
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext