purecrypter | 8a7d1fbcf94d9893fdf8cfc28525dd77c328d4c9e24486b3bed38c12a151f878 | Triage

Submit
Reports

Overview

overview

Static

static

5

Order VVNC...76.xls

windows7-x64

Order VVNC...76.xls

windows10-2004-x64

1

Sharing

General

Target

Order VVNC03023976.xls
Size

999KB
Sample

230223-ksrbmafc74
MD5

97b9e5a042f1e7a2bfde4d4fe73c49e4
SHA1

321cbbce23997d77e71cede025c8e30044d82784
SHA256

8a7d1fbcf94d9893fdf8cfc28525dd77c328d4c9e24486b3bed38c12a151f878
SHA512

a1d99e324108403f96fc7e4fe66a751dd40fc2820d5fa2cf4962447dee2513081fc989e8d0f3ab83e901ef04dea642665b5e39e63ad9a958a139bfff0cc2ff3c
SSDEEP

24576:RFeCiaFeYLFRT5AmkmhYnea18TGB1rPXXzXXXXXXXXXUXXXXXXXXXXXXXXXX1J:D91fflYnr18aBIJ

Score

10^/10

purecrypter smokeloader backdoor downloader loader macro trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Order VVNC03023976.xls

Resource

win7-20230220-en

purecrypter smokeloader backdoor downloader loader trojan

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

Order VVNC03023976.xls

Resource

win10v2004-20230221-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://argentum.com.br/well-known/acme-challenge/k/h/d/g/Pjogwzrhh.bmp

Targets

- Target
  
  Order VVNC03023976.xls
- Size
  
  999KB
- MD5
  
  97b9e5a042f1e7a2bfde4d4fe73c49e4
- SHA1
  
  321cbbce23997d77e71cede025c8e30044d82784
- SHA256
  
  8a7d1fbcf94d9893fdf8cfc28525dd77c328d4c9e24486b3bed38c12a151f878
- SHA512
  
  a1d99e324108403f96fc7e4fe66a751dd40fc2820d5fa2cf4962447dee2513081fc989e8d0f3ab83e901ef04dea642665b5e39e63ad9a958a139bfff0cc2ff3c
- SSDEEP
  
  24576:RFeCiaFeYLFRT5AmkmhYnea18TGB1rPXXzXXXXXXXXXUXXXXXXXXXXXXXXXX1J:D91fflYnr18aBIJ
Score

10^/10

purecrypter smokeloader backdoor downloader loader trojan
- Detects Smokeloader packer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecryptersmokeloaderbackdoordownloaderloadertrojan

behavioral2

© 2018-2025

Terms | Privacy