purecrypter | de2cc36754155ee17783f7f6df524a49e845208f3d58a8840210dc8101b60db8 | Triage

Submit
Reports

Overview

overview

Static

static

5

DOC_NEW OR...86.xls

windows7-x64

DOC_NEW OR...86.xls

windows10-2004-x64

1

Sharing

General

Target

DOC_NEW ORDER 548886.xls
Size

1.1MB
Sample

230224-qwq3xsbe22
MD5

644ea477b14e89d7f6075c7619d6cef7
SHA1

aafa3f8b5be0c7e569ba4e3ea85d2a2b9a14309d
SHA256

de2cc36754155ee17783f7f6df524a49e845208f3d58a8840210dc8101b60db8
SHA512

43b3d8992314a35b14306b94cb2d43664ee73bc6bb2ff9608986eecf11d93eb6c0bfe7ca6d5ca968af0008145ce7924ac10713763774eed0d452891ee23a8ffe
SSDEEP

24576:8Fe5Z59H8m7wRFe8EezjH5GmzbveNK7aqdid+GiAE8Nv7dXXXXXXXXXXXXAXXXXu:g0ZDwDwO1hvSK7aubGiAE8UA

Score

10^/10

purecrypter downloader loader macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DOC_NEW ORDER 548886.xls

Resource

win7-20230220-en

purecrypter downloader loader

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

DOC_NEW ORDER 548886.xls

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://revitape.com/gdy/Pftcp.dll

Targets

- Target
  
  DOC_NEW ORDER 548886.xls
- Size
  
  1.1MB
- MD5
  
  644ea477b14e89d7f6075c7619d6cef7
- SHA1
  
  aafa3f8b5be0c7e569ba4e3ea85d2a2b9a14309d
- SHA256
  
  de2cc36754155ee17783f7f6df524a49e845208f3d58a8840210dc8101b60db8
- SHA512
  
  43b3d8992314a35b14306b94cb2d43664ee73bc6bb2ff9608986eecf11d93eb6c0bfe7ca6d5ca968af0008145ce7924ac10713763774eed0d452891ee23a8ffe
- SSDEEP
  
  24576:8Fe5Z59H8m7wRFe8EezjH5GmzbveNK7aqdid+GiAE8Nv7dXXXXXXXXXXXXAXXXXu:g0ZDwDwO1hvSK7aubGiAE8UA
Score

10^/10

purecrypter downloader loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloader

behavioral2

© 2018-2025

Terms | Privacy