purecrypter | 90cd59c68786051a318d8ba3371ac0607d13d7e00e1c982a2dfb68b5019f9eda | Triage

Sharing

General

Target

0180decb30ec5d3934893c90995b2aca
Size

118KB
Sample

230206-q8vlwaeb82
MD5

3c1dfa79853ff35edbeea726aab5973b
SHA1

3cd25a3e1cd56ddf2a94ea4a2838272830785318
SHA256

90cd59c68786051a318d8ba3371ac0607d13d7e00e1c982a2dfb68b5019f9eda
SHA512

819874fc043e298b42792b05170a6cceaa0f0925f544af90afbc2ea599d4d52b642044de24ab76320d62fe3b06918c7de2a0750258a5613405c70e50f6b88626
SSDEEP

1536:H+p+iPNAL0z81YHKDgnkt9tMDyC+9BDYz39:HOvFRCgkIDyt9BDk39

Score

10^/10

purecrypter microsoft persistence phishing

Malware Config

Extracted

Family

purecrypter

C2

http://justnormalsite.ddns.net/SystemEnv/uploads/nodeffender_Veiwqhsq.jpg

Targets

- Target
  
  0180decb30ec5d3934893c90995b2aca
- Size
  
  118KB
- MD5
  
  3c1dfa79853ff35edbeea726aab5973b
- SHA1
  
  3cd25a3e1cd56ddf2a94ea4a2838272830785318
- SHA256
  
  90cd59c68786051a318d8ba3371ac0607d13d7e00e1c982a2dfb68b5019f9eda
- SHA512
  
  819874fc043e298b42792b05170a6cceaa0f0925f544af90afbc2ea599d4d52b642044de24ab76320d62fe3b06918c7de2a0750258a5613405c70e50f6b88626
- SSDEEP
  
  1536:H+p+iPNAL0z81YHKDgnkt9tMDyC+9BDYz39:HOvFRCgkIDyt9BDk39
Score

6^/10

microsoft persistence phishing
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing