purecrypter | 14bd04d358baa93e39f94953f4a5db0c9f3318081f75e1a8dfa287cb60774fa4 | Triage

Sharing

General

Target

Hogwarts Legacy by Empress.zip
Size

33.3MB
Sample

230218-1vnlhsda3x
MD5

e8ed4b7d48df78c2657c2b4414fe8a08
SHA1

55c5ddce39454e1a9570564703b2aa36faec33a4
SHA256

14bd04d358baa93e39f94953f4a5db0c9f3318081f75e1a8dfa287cb60774fa4
SHA512

fc5c2e934d4ada3d8ba2d5176d6dcf317030fa5c61473dd6af55ec41ca2326ebdb58db4321c74ac3330d26dbc709047f6d87670f96b7d13db219a84978fb73fc
SSDEEP

786432:KSlRNFY4cMHvAVS4idfTvNwkMb6y1m4fPLsX/LLWOv/:tKVS9dfTvikpy1m4foX/3

Score

10^/10

purecrypter downloader loader persistence

Malware Config

Extracted

Family

purecrypter

C2

http://comicmaster.org.uk/img/css/design/fabric/bo/Kvxut.dat

Targets

- Target
  
  Hogwarts Legacy by Empress.zip
- Size
  
  33.3MB
- MD5
  
  e8ed4b7d48df78c2657c2b4414fe8a08
- SHA1
  
  55c5ddce39454e1a9570564703b2aa36faec33a4
- SHA256
  
  14bd04d358baa93e39f94953f4a5db0c9f3318081f75e1a8dfa287cb60774fa4
- SHA512
  
  fc5c2e934d4ada3d8ba2d5176d6dcf317030fa5c61473dd6af55ec41ca2326ebdb58db4321c74ac3330d26dbc709047f6d87670f96b7d13db219a84978fb73fc
- SSDEEP
  
  786432:KSlRNFY4cMHvAVS4idfTvNwkMb6y1m4fPLsX/LLWOv/:tKVS9dfTvikpy1m4foX/3
Score

10^/10

purecrypter downloader loader persistence
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloaderpersistence