General

  • Target

    Hogwarts Legacy by Empress.exe

  • Size

    608.2MB

  • Sample

    230218-15efladf95

  • MD5

    bfa972c3534bb9b657d49286c2869e45

  • SHA1

    5830157f8d61333cd1cb501c10add55d17980a65

  • SHA256

    60dbb61c6ba079ac1e03937a8b61269bb74a7ca4f387be6498475f4895ec7c10

  • SHA512

    82e081bc33632d29ae32e233f33ac540c2fa6c1d3e689161a25f642b23ac8dae8db10a5b288ba4e09585ffe99e31fdc41c3f909c737d2d3f2f1903cb4ebeae4f

  • SSDEEP

    1536:3rae78zjORCDGwfdCSog013131Zs5gW0MuiNcL3IIG4BLpr:dahKyd2n31F253ObL3IIG4xl

Malware Config

Extracted

Family

purecrypter

C2

http://comicmaster.org.uk/img/css/design/fabric/bo/Kvxut.dat

Targets

    • Target

      Hogwarts Legacy by Empress.exe

    • Size

      608.2MB

    • MD5

      bfa972c3534bb9b657d49286c2869e45

    • SHA1

      5830157f8d61333cd1cb501c10add55d17980a65

    • SHA256

      60dbb61c6ba079ac1e03937a8b61269bb74a7ca4f387be6498475f4895ec7c10

    • SHA512

      82e081bc33632d29ae32e233f33ac540c2fa6c1d3e689161a25f642b23ac8dae8db10a5b288ba4e09585ffe99e31fdc41c3f909c737d2d3f2f1903cb4ebeae4f

    • SSDEEP

      1536:3rae78zjORCDGwfdCSog013131Zs5gW0MuiNcL3IIG4BLpr:dahKyd2n31F253ObL3IIG4xl

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks