General
- Target: db2ec1bb47040a7f2cfb210fbf58409339f923185c1eb7bb4b97e19fdf3f1f6a
- Size: 2.5MB
- Sample: 230211-bx9jbsac2y
- MD5: 6c7ce729cc83844a10c51889ece82606
- SHA1: 442a9193aaa7eab23f135743a8a06481bc0bd28d
- SHA256: db2ec1bb47040a7f2cfb210fbf58409339f923185c1eb7bb4b97e19fdf3f1f6a
- SHA512: a2e32664649a271f941b3496193fc7868cbcf47982d5a8ba61d810848140eccf8899e48d6fd8dcdd8c75c26785872463c53937e69f6a67b95515eaac6254189d
- SSDEEP: 49152:hQE4u11qfGaBLe7l/4fWor/Qx8vneNu0cmWUyAV4iybj8hSFvEZ:hQE4u11cGaBK7pQWC/o6neQYWUy64d/
Static task
- static1
Behavioral task
- behavioral1
  - Sample: db2ec1bb47040a7f2cfb210fbf58409339f923185c1eb7bb4b97e19fdf3f1f6a.exe
  - Resource: win7-20221111-en
Behavioral task
- behavioral2
  - Sample: db2ec1bb47040a7f2cfb210fbf58409339f923185c1eb7bb4b97e19fdf3f1f6a.exe
  - Resource: win10v2004-20220812-en
Malware Config
Targets
- Target: db2ec1bb47040a7f2cfb210fbf58409339f923185c1eb7bb4b97e19fdf3f1f6a
- Detect PureCrypter injector
- Modifies WinLogon for persistence
- PureCrypter: PureCrypter is a .NET malware loader first seen in early 2021.
- WarzoneRat, AveMaria: WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
- Modifies Windows Firewall
- Sets DLL path for service in the registry
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Modifies WinLogon
- Drops file in System32 directory
- Suspicious use of SetThreadContext