purecrypter | 31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b

Analysis

max time kernel
146s
max time network
136s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
26-02-2023 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe
Size

1.3MB
MD5

2d046356adc419adef4049f5ec0529fa
SHA1

59b79b81155927260c7e5c73c1505b7ff820fcd7
SHA256

31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b
SHA512

118b6af39c3107785695e61b050a2d767a86f6efe42c7c2afec0f49b651ba318d7a8d783aa7c12936d2aa5a93e4d34e39944e3587dd90dbe36a719ac18e36297
SSDEEP

24576:FfEZRk+1BmMN+wkQZVhtMOb7UlyPeNks08yfcadLetM7ckAx:Ff3IcMNHRLF4yP8k+y5UYnc

Score

10^/10

purecrypter redline z2k downloader infostealer loader

Malware Config

Extracted

Family

redline

Botnet

Z2K

amrican-sport-live-stream.cc:4581

Attributes

auth_value
8a9de6d1ef98f81da5a7e46825e88077

Signatures

Detect PureCrypter injector 34 IoCs

loader

resource	yara_rule
behavioral1/memory/8-118-0x0000000004B10000-0x0000000004D94000-memory.dmp	family_purecrypter
behavioral1/memory/8-119-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-120-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-122-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-124-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-126-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-128-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-130-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-133-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-135-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-137-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-139-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-141-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-143-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-145-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-147-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-149-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-151-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-153-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-155-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-157-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-159-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-161-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-163-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-165-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-167-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-169-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-171-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-173-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-175-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-177-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-179-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-181-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter
behavioral1/memory/8-183-0x0000000004B10000-0x0000000004D8F000-memory.dmp	family_purecrypter

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 8 set thread context of 772	8	31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe	67

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	8	31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 772	8	31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe	67
PID 8 wrote to memory of 772	8	31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe	67
PID 8 wrote to memory of 772	8	31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe	67
PID 8 wrote to memory of 772	8	31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe	67
PID 8 wrote to memory of 772	8	31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe	67
PID 8 wrote to memory of 772	8	31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe	67
PID 8 wrote to memory of 772	8	31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe	67
PID 8 wrote to memory of 772	8	31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe	67

C:\Users\Admin\AppData\Local\Temp\31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe
"C:\Users\Admin\AppData\Local\Temp\31e477a3732cf4d377bbb89c5a5a3763dadd3581ce07534bb4fc54efb951823b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
  2⤵
  PID:772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/8-117-0x0000000000220000-0x000000000036C000-memory.dmp

Filesize
1.3MB

Download
memory/8-118-0x0000000004B10000-0x0000000004D94000-memory.dmp

Filesize
2.5MB

Download
memory/8-119-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-120-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-122-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-124-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-126-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-128-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-130-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-132-0x0000000004B00000-0x0000000004B10000-memory.dmp

Filesize
64KB

Download
memory/8-133-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-135-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-137-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-139-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-141-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-143-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-145-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-147-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-149-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-151-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-153-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-155-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-157-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-159-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-161-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-163-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-165-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-167-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-169-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-171-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-173-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-175-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-177-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-179-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-181-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-183-0x0000000004B10000-0x0000000004D8F000-memory.dmp

Filesize
2.5MB

Download
memory/8-739-0x0000000004B00000-0x0000000004B10000-memory.dmp

Filesize
64KB

Download
memory/8-10309-0x0000000000A10000-0x0000000000A32000-memory.dmp

Filesize
136KB

Download
memory/8-10310-0x0000000005260000-0x00000000055B0000-memory.dmp

Filesize
3.3MB

Download
memory/8-10311-0x0000000005160000-0x00000000051C6000-memory.dmp

Filesize
408KB

Download
memory/8-10312-0x0000000039A20000-0x0000000039AB2000-memory.dmp

Filesize
584KB

Download
memory/8-10313-0x0000000039FC0000-0x000000003A4BE000-memory.dmp

Filesize
5.0MB

Download
memory/8-10314-0x00000000055B0000-0x0000000005610000-memory.dmp

Filesize
384KB

Download
memory/772-10317-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/772-10318-0x0000000002D70000-0x0000000002D76000-memory.dmp

Filesize
24KB

Download
memory/772-10319-0x00000000052A0000-0x00000000052B0000-memory.dmp

Filesize
64KB

Download
memory/772-10320-0x000000000AF80000-0x000000000B586000-memory.dmp

Filesize
6.0MB

Download
memory/772-10321-0x000000000AAD0000-0x000000000ABDA000-memory.dmp

Filesize
1.0MB

Download
memory/772-10322-0x000000000AA00000-0x000000000AA12000-memory.dmp

Filesize
72KB

Download
memory/772-10323-0x000000000AA60000-0x000000000AA9E000-memory.dmp

Filesize
248KB

Download
memory/772-10324-0x000000000ABE0000-0x000000000AC2B000-memory.dmp

Filesize
300KB

Download
memory/772-10325-0x00000000052A0000-0x00000000052B0000-memory.dmp

Filesize
64KB

Download