purecrypter

Sharing

Copy URL

Twitter E-mail

General

Target

1.vhd
Size

18.0MB
Sample

230224-rsefdshe4t
MD5

61d53ce85393c16893d5a20e28ba7975
SHA1

8161c028b9351c58ad9440211ce436693027cb7e
SHA256

b1c0b2b8c165b4144be04ac5138af82825f61f4928a4ddf8b9db44f3a2ba1e0d
SHA512

42eb47aba31bc3da5eae9b892bb85398a91ba163d9eeaf21719be9013c2012afb8443e699b673d113ab55194c9352747de40181b78e77f90227f105821ade7fb
SSDEEP

768:qyDRGOd/DFZhnkURGOd/DFZhnkJpbqA4mWp+qY5YP6NZcmXpgF6TG9TK7egGhHzl:qyDRGgV9RGgVMpbK6k64hHzr8eCdn19

Score

10^/10

Malware Config

Extracted

Family

purecrypter

https://ashaambulanceservice.com/Vuzbri.bmp

Extracted

Family

vjw0rm

http://js9400.duckdns.org:9400

http://js9300.duckdns.org:9300

Targets

- Target
  
  $RECYCLE.BIN/$I40P23D.exe
- Size
  
  544B
- MD5
  
  7e08962bf47aae3acd8a9633b0a62e19
- SHA1
  
  c4e224381213d3454fe45cb84a1c3211be30272c
- SHA256
  
  ee89ffc4cb01b0323c56ed7d190906501f4aabab067a07aac67bad2e0559929c
- SHA512
  
  d78b50c484609bb32d701d606e6b58dc606b70d8c562af7cdc26cda2803684800be7f18384551b447847645fbc21d3c49eb5fa24e136fc6fc4acab538babd7d2
Score

1^/10
behavioral1 behavioral2
- Target
  
  $RECYCLE.BIN/$I4FIL8H.js
- Size
  
  544B
- MD5
  
  3bb5ddbbc15c65e6d7af1c41a877bf2f
- SHA1
  
  c9411803abd57b1c62936f7a973fde45b792a0f9
- SHA256
  
  73cfb6a30179d5759f151505756edd832bdfe6675424cdfef2d0d95b9265fe14
- SHA512
  
  6b3eacbd3de4c5ec44852cef7349062d206f3af35f6f315a9e57af6023ac3cd563bd4bfc3f1ce4a1ca69e394e2fd33bec7a7185bac289be7ac713bc24a497686
Score

1^/10
behavioral3 behavioral4
- Target
  
  $RECYCLE.BIN/$I5VEPRW.js
- Size
  
  544B
- MD5
  
  7fcacbf214c7091a4e52f42ba83ca75a
- SHA1
  
  93e6071f014cd5f47dbc0e52c93aadcde29e1457
- SHA256
  
  1704bea192c12c3d81474e73f5d0a2cc98cb57e9440e3f033862bd85f5980f85
- SHA512
  
  bae645c2ac3758975d468413e430c22c8c9803d90b65ea2d593ab542f901ad771bec89a6eef87103b28105a38addfa97cabb794f488caeb6024542d5c5a8f27f
Score

1^/10
behavioral5 behavioral6
- Target
  
  $RECYCLE.BIN/$IMH8R2U.js
- Size
  
  544B
- MD5
  
  2c4439dfc4bfb10e8bf9eb4c2932e067
- SHA1
  
  925eba054aae34b564c9f70f6813b70eedc744f8
- SHA256
  
  161b64c65461b1aa5fbbdfb7d465686ba02b4b3d89a19aaafb2f1a0f4f72597a
- SHA512
  
  64f02a63b754586e03a27547f4a2c468307318768bfb24bbb7ad3e02fc726c9e057e1770e8f84b849aad93f9751a655082129bde03a1c45afb6edf495f588501
Score

1^/10
behavioral7 behavioral8
- Target
  
  $RECYCLE.BIN/$R40P23D.exe
- Size
  
  92KB
- MD5
  
  d40448b5ac56cf8f2a4bbea8d22982c2
- SHA1
  
  ad405a4f3ea892a80b696f7460de70bbb6b082f8
- SHA256
  
  d97bdbb4ad01f8873a141e7544160d070469b0c6865b823fec42184315b923cc
- SHA512
  
  be9b6ffda6ebee70baa79bab24129150895bf5d06f0d634a1099e129bd63396c2f73e1c82115b6ca37df5aa5c406e3d1df2932e9a8dbeb927aacda727675082d
- SSDEEP
  
  384:IiZHmh0O/Lrw+Ke8QEoDeJisnDPnFw5sglcMhQM0u+GrCPHFYgMSXA:IgGhHzr8e8B1PnFusmcDCXrCPqEXA
Score

10^/10

purecrypter downloader loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
behavioral10 behavioral9
- Target
  
  $RECYCLE.BIN/$R4FIL8H.js
- Size
  
  9.0MB
- MD5
  
  5d97ab7f843e6c18b96c4e34bd65ff09
- SHA1
  
  9ad9f18b92f57a3e1536a552dc3e4081b34169e2
- SHA256
  
  eb841738aeb5f98695da31d3ebe1bf241f8411283373fd6e99788fc52903b1be
- SHA512
  
  116897043738962c9e059d4701e01b3f36987100a00951ef020c2481dc100a3a59eaf106e5c96b042019dceb53b3a143454c6aaa861262bf2d24c45651699e81
- SSDEEP
  
  96:kZH1uyAXIXGou2lcJc9l2JEuft2v2wz2zadZxOBeFcr3vVkcZBIKkcZBe4KcZUCS:kZVhpngJpG2wz2xkFm3vVEKZpFEm
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral11 behavioral12
- Target
  
  $RECYCLE.BIN/$R5VEPRW.js
- Size
  
  97KB
- MD5
  
  7afbb2051c1ba1c1e88c499c5e11636a
- SHA1
  
  4b2a14b3ca310b1f39959c130ae7b72a03078873
- SHA256
  
  74fc83dc153086db0329b982e73e8bee4b652d1265c8185b0b4374898a112d06
- SHA512
  
  c506d2d13383948d9acfafdc152f81326fc73381530fbb019794f9bc2b7733b3b455f6eddc92d597614f0f6d641f391d737f93f809486707cb1d8f84378309ec
- SSDEEP
  
  384:chWWz5Kfy24jHueR45qWWxWBWHKSqmqR4G:XYG
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral13 behavioral14
- Target
  
  $RECYCLE.BIN/$RMH8R2U.js
- Size
  
  97KB
- MD5
  
  7aab68aeb388528f9e3448ea0dce56d7
- SHA1
  
  07d648c7247e2db064b7ba1b1b21722c475e3396
- SHA256
  
  610eb77c6ef6c0767a1b8d0157b39ea5105697ffdf31d2afa5963e4da8cd0cb8
- SHA512
  
  1f59fd8a717ff3bf9f57452440a6e08907cd9c32050aa399ab0a591c6109486410e74d21d5ee41355b4b041f4dd88c679d8077b611cfaea9c597aaa67ed0e8b4
- SSDEEP
  
  384:chWz5Kfy24jHueR45qWWxWBWHKSqmqR4G:OYG
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Drops startup file
- Adds Run key to start application
  persistence
behavioral15 behavioral16
- Target
  
  T817630494847_Payment_receipt_Pdf.js
- Size
  
  2.0MB
- MD5
  
  f8a9117d4c4217fd4cbab1da6d3359b6
- SHA1
  
  f3ea387aeaf9e587d135d797e0468904328c291a
- SHA256
  
  db99c6255bfd1d06c6a103e4602715c069039c140389d33d2909912e1b58158d
- SHA512
  
  232eb1d882feac675994d192436254521b42a2b1d2ae32f6c5cd8618ae29d619a26ad9672f6644a62abfd484a1b0e76f69003d40f79a14cc200be4b124d0bea6
- SSDEEP
  
  192:aZVhB3qe3Ju2l2ZUCz1ZNWDl01tHY8T0:cVHaLRZcmXpg
Score

10^/10

vjw0rm persistence trojan worm
- Vjw0rm
  Vjw0rm is a remote access trojan written in JavaScript.
  trojan worm vjw0rm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
behavioral17 behavioral18

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Vjw0rm

Blocklisted process makes network request

Drops startup file

Adds Run key to start application

Vjw0rm

Blocklisted process makes network request

Drops startup file

Adds Run key to start application

Vjw0rm

Blocklisted process makes network request

Drops startup file

Adds Run key to start application

Vjw0rm

Blocklisted process makes network request

Checks computer location settings

Drops startup file

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18