purecrypter | 14d6746a7475a0f8cd26d1d30403688e8d36cdc3f093e159f5882dc614a0cccb | Triage

Submit
Reports

Overview

overview

Static

static

1

14d6746a74...cb.exe

windows7-x64

14d6746a74...cb.exe

windows10-2004-x64

Resubmissions

13-02-2023 08:38

230213-kj1hyaca52 10

03-02-2023 20:49

230203-zmcnlsee6w 10

Sharing

General

Target

14d6746a7475a0f8cd26d1d30403688e8d36cdc3f093e159f5882dc614a0cccb
Size

172KB
Sample

230213-kj1hyaca52
MD5

a9fe419d1a7c914e4bcb26ba2d564338
SHA1

287d701de4ece28a6b0245c89b2ea488c6fee16b
SHA256

14d6746a7475a0f8cd26d1d30403688e8d36cdc3f093e159f5882dc614a0cccb
SHA512

5ea544d93d2d19614e006f4b1762cb3e5d886e130c1fe77973cf83f2bac02dd9ea58eea0ac428e08bec65e03f1f37b41da3608f8a817d0a42dab49ee4b9f9cb9
SSDEEP

1536:v+ac9URWzKr7PhuuUpV7+5JTiy95UuUCQahsf5mZIWiwwr7QXsouW2ASDDA6rRcS:v+apWaxa7Dy956S2j4xnsvXtPdSaeW

Score

10^/10

purecrypter xmrig downloader loader miner persistence

Static task

static1

Behavioral task

behavioral1

Sample

14d6746a7475a0f8cd26d1d30403688e8d36cdc3f093e159f5882dc614a0cccb.exe

Resource

win7-20220812-en

purecrypter downloader loader persistence

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

14d6746a7475a0f8cd26d1d30403688e8d36cdc3f093e159f5882dc614a0cccb.exe

Resource

win10v2004-20220812-en

xmrig miner persistence

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  14d6746a7475a0f8cd26d1d30403688e8d36cdc3f093e159f5882dc614a0cccb
- Size
  
  172KB
- MD5
  
  a9fe419d1a7c914e4bcb26ba2d564338
- SHA1
  
  287d701de4ece28a6b0245c89b2ea488c6fee16b
- SHA256
  
  14d6746a7475a0f8cd26d1d30403688e8d36cdc3f093e159f5882dc614a0cccb
- SHA512
  
  5ea544d93d2d19614e006f4b1762cb3e5d886e130c1fe77973cf83f2bac02dd9ea58eea0ac428e08bec65e03f1f37b41da3608f8a817d0a42dab49ee4b9f9cb9
- SSDEEP
  
  1536:v+ac9URWzKr7PhuuUpV7+5JTiy95UuUCQahsf5mZIWiwwr7QXsouW2ASDDA6rRcS:v+apWaxa7Dy956S2j4xnsvXtPdSaeW
Score

10^/10

purecrypter downloader loader persistence xmrig miner
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloaderpersistence

behavioral2

xmrigminerpersistence

© 2018-2024

Terms | Privacy