purecrypter

General

Target

104.168.46.126_-_o_-_b08.exe___cbcffdbddd074c247071caed0e162729.dat
Size

17KB
Sample

230222-nwjmqsbb94
MD5

cbcffdbddd074c247071caed0e162729
SHA1

eec65a6aa6eaa1fa44b1832d405651e6dc87fe57
SHA256

2ad849391b902e19d516b7cd3eb0c1977eba5f39baf5f1e687ec09613866b721
SHA512

9adf006b456245c5332b0fb69d8f76b2c46a53b6658d69e179a8ed8cafda61b86e1000e7744eefc7568f9aea0e27053b57449be947846d4a9cf9f4b8a3fc8d92
SSDEEP

384:UoZHmnT8N7wgseoLf6VYgQE8AWilNekNek+vD7:UGG0cffgLo

Score

10^/10

Malware Config

Extracted

Family

purecrypter

C2

https://pentatunggal.com/o7/Dnivqllcmu.dat

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
doDHyw%0
Email To:
[email protected]

Targets

- Target
  
  104.168.46.126_-_o_-_b08.exe___cbcffdbddd074c247071caed0e162729.dat
- Size
  
  17KB
- MD5
  
  cbcffdbddd074c247071caed0e162729
- SHA1
  
  eec65a6aa6eaa1fa44b1832d405651e6dc87fe57
- SHA256
  
  2ad849391b902e19d516b7cd3eb0c1977eba5f39baf5f1e687ec09613866b721
- SHA512
  
  9adf006b456245c5332b0fb69d8f76b2c46a53b6658d69e179a8ed8cafda61b86e1000e7744eefc7568f9aea0e27053b57449be947846d4a9cf9f4b8a3fc8d92
- SSDEEP
  
  384:UoZHmnT8N7wgseoLf6VYgQE8AWilNekNek+vD7:UGG0cffgLo
Score

10^/10

purecrypter downloader loader snakekeylogger collection keylogger stealer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Checks computer location settings

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2