purecrypter | e1614217a227ee00d452c21059af1d4572420cd6079d384ec265e2b1a5192f90 | Triage

Sharing

General

Target

e1614217a227ee00d452c21059af1d4572420cd6079d384ec265e2b1a5192f90
Size

41KB
Sample

230210-ae1m2aed4z
MD5

ab4a6ddfc90f2d379d70d0fad747f6e5
SHA1

87ac21f928c9f4e3d76cc6ea110b6133defd8507
SHA256

e1614217a227ee00d452c21059af1d4572420cd6079d384ec265e2b1a5192f90
SHA512

d0512d9629ffe3feee10f8f6bfa5419f97e1da78e7972866f76270326657b5760cc3bb3c594fe4ebbbb22571429f0fe88a007f75991db39136d22ff8dd274815
SSDEEP

768:ppoHKflwYtttWtYtYBtYtxqGGGGGGGGHGGGGGGGGGGGGGGGGGGGGGGGGGGGGUu8y:DoHFGGGGGGGGHGGGGGGGGGGGGGGGGGGH

Score

10^/10

purecrypter downloader loader persistence

Malware Config

Extracted

Family

purecrypter

C2

http://163.123.142.210/Zhevuwz.dat

Targets

- Target
  
  e1614217a227ee00d452c21059af1d4572420cd6079d384ec265e2b1a5192f90
- Size
  
  41KB
- MD5
  
  ab4a6ddfc90f2d379d70d0fad747f6e5
- SHA1
  
  87ac21f928c9f4e3d76cc6ea110b6133defd8507
- SHA256
  
  e1614217a227ee00d452c21059af1d4572420cd6079d384ec265e2b1a5192f90
- SHA512
  
  d0512d9629ffe3feee10f8f6bfa5419f97e1da78e7972866f76270326657b5760cc3bb3c594fe4ebbbb22571429f0fe88a007f75991db39136d22ff8dd274815
- SSDEEP
  
  768:ppoHKflwYtttWtYtYBtYtxqGGGGGGGGHGGGGGGGGGGGGGGGGGGGGGGGGGGGGUu8y:DoHFGGGGGGGGHGGGGGGGGGGGGGGGGGGH
Score

10^/10

purecrypter downloader loader persistence
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloaderpersistence