purecrypter

General

Target

travelpeov.mal
Size

193.2MB
Sample

230211-zvs1kahf3s
MD5

2928f4a10f1a824d26f56052accd9926
SHA1

93af9c82a7dedef40f3ab1b1a6a414210d90c192
SHA256

125df6f2b9f5445123c888a654df37e3bc185adb45e94e79b1e44627b1cbf65a
SHA512

4bd74f377bbd9ab41dd5fe0448a2d77e062a795b6e30a5961e2b62c70d5f1c35a470fe9a7cdbc313f40f8fbda086935e02677ba05213689bcec3b58eef5ea3e2
SSDEEP

96:eSwqiJBpnpML3uibpR3KbofKkor74BzNt:eBpnsLRPwof3oXu

Score

10^/10

Malware Config

Extracted

Family

purecrypter

C2

https://www.franceconsobanque.fr/wp-admin/images/css/design/fabric/bo/Sjbgpxzi.bmp

Extracted

Family

redline

Botnet

@gestaslinoff

C2

45.15.157.131:36457

Attributes

auth_value
95adc00b732fc138a3ecc231c485a57a

Targets

- Target
  
  travelpeov.mal
- Size
  
  193.2MB
- MD5
  
  2928f4a10f1a824d26f56052accd9926
- SHA1
  
  93af9c82a7dedef40f3ab1b1a6a414210d90c192
- SHA256
  
  125df6f2b9f5445123c888a654df37e3bc185adb45e94e79b1e44627b1cbf65a
- SHA512
  
  4bd74f377bbd9ab41dd5fe0448a2d77e062a795b6e30a5961e2b62c70d5f1c35a470fe9a7cdbc313f40f8fbda086935e02677ba05213689bcec3b58eef5ea3e2
- SSDEEP
  
  96:eSwqiJBpnpML3uibpR3KbofKkor74BzNt:eBpnsLRPwof3oXu
Score

10^/10

purecrypter downloader loader redline @gestaslinoff discovery infostealer spyware stealer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

4

T1012

System Information Discovery

4

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

RedLine

Checks computer location settings

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2