purecrypter | 8bbf3420ad5b1e7283ecc131dd720728a0ebaba799d9084509c8a47b8efe1cb0 | Triage

Submit
Reports

Overview

overview

Static

static

1

bypass_ps1...le.exe

windows7-x64

bypass_ps1...le.exe

windows10-2004-x64

Resubmissions

28-02-2023 08:35

230228-khdmsaad98 10

27-02-2023 10:04

230227-l39rdsda95 10

Sharing

General

Target

bypass_ps1_extracted_pe_file
Size

171KB
Sample

230228-khdmsaad98
MD5

b24e714962c627bc153be748efe9d288
SHA1

68d9fe8a592534e180db5ec89afe999221e43fec
SHA256

8bbf3420ad5b1e7283ecc131dd720728a0ebaba799d9084509c8a47b8efe1cb0
SHA512

a4cbf257a3196aac284df85285d224f626689257b525db3fe73b3ff213b4b70a171e40e836760d93dd70dd78e142ff564f9bf678bb4010452bfcd3853bac340b
SSDEEP

1536:g1c9URWzKr7PhuuUpV7+5JTiy95BuUCQahsf5mZIWiwwr7QXsouW2ASDDA6rRSCM:g1pWaxa7Dy95pS2lzxnIvXtZzSaPnp

Score

10^/10

purecrypter xmrig downloader loader miner persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

bypass_ps1_extracted_pe_file.exe

Resource

win7-20230220-en

purecrypter downloader loader persistence spyware

windows7-x64

8 signatures

600 seconds

Behavioral task

behavioral2

Sample

bypass_ps1_extracted_pe_file.exe

Resource

win10v2004-20230220-en

purecrypter xmrig downloader loader miner persistence spyware

windows10-2004-x64

14 signatures

600 seconds

Malware Config

Targets

- Target
  
  bypass_ps1_extracted_pe_file
- Size
  
  171KB
- MD5
  
  b24e714962c627bc153be748efe9d288
- SHA1
  
  68d9fe8a592534e180db5ec89afe999221e43fec
- SHA256
  
  8bbf3420ad5b1e7283ecc131dd720728a0ebaba799d9084509c8a47b8efe1cb0
- SHA512
  
  a4cbf257a3196aac284df85285d224f626689257b525db3fe73b3ff213b4b70a171e40e836760d93dd70dd78e142ff564f9bf678bb4010452bfcd3853bac340b
- SSDEEP
  
  1536:g1c9URWzKr7PhuuUpV7+5JTiy95BuUCQahsf5mZIWiwwr7QXsouW2ASDDA6rRSCM:g1pWaxa7Dy95pS2lzxnIvXtZzSaPnp
Score

10^/10

purecrypter downloader loader persistence spyware xmrig miner
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloaderpersistencespyware

behavioral2

purecrypterxmrigdownloaderloaderminerpersistencespyware

© 2018-2025

Terms | Privacy