Extracted

• • Target

    TR285.exe

  • Size

    5KB

  • MD5

    0f430d2e5078dea02dc36df9fb2ead25

  • SHA1

    53cfadd1333fcc209bb71d3435862f2d3c0ac999

  • SHA256

    8dd25b5662494e16c5a0926aa0439a249fe99eda604f86e2f523bb7404ccd476

  • SHA512

    e8e8733de46b0849f7039715a38d0ea050b13fad3f0c839c86b30818469aee052003924e1557c4131f2b17a7c93e92ce50bf5005116de24c6888561ef13ba151

  • SSDEEP

    96:j2gEM7kgUjqPlAoLrU73b+RZj0AwoLaunSmKk9XDgBzNt:jD0kl/L47r+Ttwjuj9zgD

  Score

  10^/10

  purecrypterdownloaderloadercollectionpersistencespywarestealer

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2