purecrypter | 367f43f9444ce24cad2611f59e61608566a772fe098d081e20349440010681d7 | Triage

Submit
Reports

Overview

overview

Static

static

1

CUSTOM FORM E.xls

windows7-x64

CUSTOM FORM E.xls

windows10-2004-x64

1

Sharing

General

Target

CUSTOM FORM E.xls
Size

1.0MB
Sample

230302-nnapvscd2s
MD5

d221ce0d91ef94f55dff3560fe260c45
SHA1

a5fef0be95fafd95a8e95742e10de6e34c52420d
SHA256

367f43f9444ce24cad2611f59e61608566a772fe098d081e20349440010681d7
SHA512

d543a590a5150de7c539ef264017f018c5f0d1c9ae14ce21ec7fc1d260962553beea3186f1856eec5af0be9b5300a4a060cf3c459a4bbff95fc59531057a5ec1
SSDEEP

24576:1LKswByWQmmav30xImiIBJRWQmmav30xBmD9cf9gX1zb1slqxke8:1LKhtQmmQ30AIzgQmmQ30k9Rcq4

Score

10^/10

purecrypter snakekeylogger collection downloader keylogger loader stealer

Static task

static1

Behavioral task

behavioral1

Sample

CUSTOM FORM E.xls

Resource

win7-20230220-en

purecrypter snakekeylogger collection downloader keylogger loader stealer

windows7-x64

24 signatures

150 seconds

Behavioral task

behavioral2

Sample

CUSTOM FORM E.xls

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://192.3.26.135/uo/Ksagb.png

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
doDHyw%0
Email To:
[email protected]

Targets

- Target
  
  CUSTOM FORM E.xls
- Size
  
  1.0MB
- MD5
  
  d221ce0d91ef94f55dff3560fe260c45
- SHA1
  
  a5fef0be95fafd95a8e95742e10de6e34c52420d
- SHA256
  
  367f43f9444ce24cad2611f59e61608566a772fe098d081e20349440010681d7
- SHA512
  
  d543a590a5150de7c539ef264017f018c5f0d1c9ae14ce21ec7fc1d260962553beea3186f1856eec5af0be9b5300a4a060cf3c459a4bbff95fc59531057a5ec1
- SSDEEP
  
  24576:1LKswByWQmmav30xImiIBJRWQmmav30xBmD9cf9gX1zb1slqxke8:1LKhtQmmQ30AIzgQmmQ30k9Rcq4
Score

10^/10

purecrypter snakekeylogger collection downloader keylogger loader stealer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecryptersnakekeyloggercollectiondownloaderkeyloggerloaderstealer

behavioral2

© 2018-2025

Terms | Privacy