General
Target: b66229a5104d24f542566d43309673958eef9053
Size: 1.6MB
Sample: 230203-xz9srsab38
MD5: 51c7a3718df0b69af01448f9579c64e2
SHA1: b66229a5104d24f542566d43309673958eef9053
SHA256: 752e7d326d94fefa12869bee8c54bfb197d193f151d72f936457a27bbd6b6877
SHA512: 6ff620f4367f545aadeff8bad1e894b7561c7e2a4423d42fc8ccde995a05b0a82e26010e0fb5379a8bcbdd743bb434b10962e48fd65ec0ac40f953240e69be79
SSDEEP: 49152:MNRPjZGI8HDtJL92m/nNrMs6n8jMUBra1:GLZGhRdtjXO
Static task: static1
Behavioral task: behavioral1
Sample: Loader.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: Loader.exe
Resource: win10v2004-20220901-en
Malware Config
Targets
Target: Loader.exe
Size: 1.6MB
MD5: a44e526804469076d712e8a05ddd7759
SHA1: 7010fda540e70139020a7a79730e74e99bd8e6c9
SHA256: 46d7128963bde013c8ec359b285e47eabbf9c88e332735e02ced518773e8e95f
SHA512: 04c40ef00c80d641c4f7bced8aefc180d695ea23ef79e272167f1a567484be2ab7031ca55a246cbeba1ed0c0ed93223fc2a33daed7f2048c62f169f0e6325b36
SSDEEP: 49152:fBvdZG5o8InNXL9Qn0HpZjI64n2hcyfT2:pFZG5oNnRfh9
Score: 10/10
Detect PureCrypter injector

Modifies WinLogon for persistence

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.

XMRig Miner payload

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext