purecrypter

General

Target

d0a4e0e3ed54a45113962e05be0fecc8143c3484fbcbb3c890d8ea41f7586e36.exe
Size

105KB
Sample

230206-h2nwrace46
MD5

a6d97b5c9d9a4932b5c6c7457bc8c60e
SHA1

7afa706e0ad9c9be82711b1b2c1e113534da70c5
SHA256

d0a4e0e3ed54a45113962e05be0fecc8143c3484fbcbb3c890d8ea41f7586e36
SHA512

aa14f821365c6fbe6e7cb1fbae28d59ae879e90d7e6143356b0d8db3fc129ca1486e7ba9973a394d444a51a47fe80e4bd15082506761d7401d4c4ac977800196
SSDEEP

1536:FPRNkYJTrgdiPluOcN6IBVEqp+xJHWe2zm4uz5dh3Hkq4/T6dcE1sgxcirUt:FPR9ttcQIToHWef4u136E6gxcirUt

Score

10^/10

Malware Config

Extracted

Family

purecrypter

C2

http://modeloartesanatos.com.br/wp-admin/images/Zqchb.bmp

Targets

- Target
  
  d0a4e0e3ed54a45113962e05be0fecc8143c3484fbcbb3c890d8ea41f7586e36.exe
- Size
  
  105KB
- MD5
  
  a6d97b5c9d9a4932b5c6c7457bc8c60e
- SHA1
  
  7afa706e0ad9c9be82711b1b2c1e113534da70c5
- SHA256
  
  d0a4e0e3ed54a45113962e05be0fecc8143c3484fbcbb3c890d8ea41f7586e36
- SHA512
  
  aa14f821365c6fbe6e7cb1fbae28d59ae879e90d7e6143356b0d8db3fc129ca1486e7ba9973a394d444a51a47fe80e4bd15082506761d7401d4c4ac977800196
- SSDEEP
  
  1536:FPRNkYJTrgdiPluOcN6IBVEqp+xJHWe2zm4uz5dh3Hkq4/T6dcE1sgxcirUt:FPR9ttcQIToHWef4u136E6gxcirUt
Score

10^/10

smokeloader backdoor trojan purecrypter collection downloader loader
- Detects Smokeloader packer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Smokeloader packer

SmokeLoader

Checks computer location settings

Executes dropped EXE

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2