General
-
Target
e1614217a227ee00d452c21059af1d4572420cd6079d384ec265e2b1a5192f90
-
Size
41KB
-
Sample
230213-h629yabf79
-
MD5
ab4a6ddfc90f2d379d70d0fad747f6e5
-
SHA1
87ac21f928c9f4e3d76cc6ea110b6133defd8507
-
SHA256
e1614217a227ee00d452c21059af1d4572420cd6079d384ec265e2b1a5192f90
-
SHA512
d0512d9629ffe3feee10f8f6bfa5419f97e1da78e7972866f76270326657b5760cc3bb3c594fe4ebbbb22571429f0fe88a007f75991db39136d22ff8dd274815
-
SSDEEP
768:ppoHKflwYtttWtYtYBtYtxqGGGGGGGGHGGGGGGGGGGGGGGGGGGGGGGGGGGGGUu8y:DoHFGGGGGGGGHGGGGGGGGGGGGGGGGGGH
Behavioral task
behavioral1
Sample
e1614217a227ee00d452c21059af1d4572420cd6079d384ec265e2b1a5192f90.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
e1614217a227ee00d452c21059af1d4572420cd6079d384ec265e2b1a5192f90.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
purecrypter
http://163.123.142.210/Zhevuwz.dat
Targets
-
-
Target
e1614217a227ee00d452c21059af1d4572420cd6079d384ec265e2b1a5192f90
-
Score
10/10
-
PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-