General

  • Target

    29bf5e24622d2f6d36d6d08b10fe303dc483feb846a01717545f00fddd320bff.zip

  • Size

    94KB

  • Sample

    230223-jcfphsgh9w

  • MD5

    0aca6bd6e423ac7ca8b2a5fbc9a84a6d

  • SHA1

    f002ffc63bc9041f42294335320c074c6e5305eb

  • SHA256

    7cacaad3643b262cb7da178b8c85ea6c1ee6bea5ecbb2fddcb44b66f42731ff8

  • SHA512

    35b64d3305481f84e62114b82c32ce667e29df8e149036a31edb92e08406d9a2aeeeb82b3fd749d65025116be7513e16414fef5113e9d2f6df8ef32761fd0380

  • SSDEEP

    1536:FSlJ/jWof0M54o8jjHzFdIAptirXudthUWO9X+gN58eHHVBNZaKoIcy7Q9vV/1ZS:FSTjWvU8vHzz0r+dEFBD2iHz91cyadiV

Malware Config

Extracted

Family

purecrypter

C2

http://comicmaster.org.uk/img/css/design/fabric/bo/Qzxoye.dll

Extracted

Family

redline

Botnet

@NekoChan815

C2

45.15.157.131:36457

Attributes

  • auth_value

    27e91af9bac7df060a7c43fed05eded6

Targets

    • Target

      29bf5e24622d2f6d36d6d08b10fe303dc483feb846a01717545f00fddd320bff

    • Size

      772KB

    • MD5

      66d87580c3b91f7d3e7220bc25d227d9

    • SHA1

      0f3363152110789a9808eefaeedb3f9ece505d14

    • SHA256

      29bf5e24622d2f6d36d6d08b10fe303dc483feb846a01717545f00fddd320bff

    • SHA512

      d34cadd2ebf2a78bd3fea3fd188f6b585cdbbba6eda79e089ff5ef12d1360bb71b87e93e031e317b962bd334e8ab76e117450d7425145467a200a350673b7483

    • SSDEEP

      3072:iahKyd2n31Kl58fVwCRt++Ny1Nat3xpGc8rApo04Ya9veML:iahOomVwSt++AatKL9x

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6