Extracted

• • Target

    27099b00b5e7e72839edba8e085931e2.exe

  • Size

    7KB

  • MD5

    27099b00b5e7e72839edba8e085931e2

  • SHA1

    a5fc5b9271e1a3022b2549d8aa8384ec0236db89

  • SHA256

    d6edf57c2ec790e7a97ddffc9243ebf29960c497822385bca0420fa940581e07

  • SHA512

    d485cd0a34f63e7abdf7733d7da37fc1d1c0a1b230560a81102e4bcd9616d2dd064aff90fbce0aa5e0239bb420672472208f88dab2dd9b9a15f39ce0b0f50bb1

  • SSDEEP

    96:Et0ogZlyT+BAwP514Y1GXb9/RT0Gk7/4zNt:EuoPCxuO+v0rza

  Score

  10^/10

  purecrypterredlinecyou 2-4discoverydownloaderinfostealerloaderpersistencespywarestealer

  • Detect PureCrypter injector

    loader

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2