purecrypter | 093aed8321e0c99537fde1bd8c9cd7e2bfef3fdcde9ddd5122f4d63665a9e602 | Triage

Submit
Reports

Overview

overview

Static

static

1

e65c722b00...e3.rtf

windows7-x64

e65c722b00...e3.rtf

windows10-2004-x64

1

Sharing

General

Target

e65c722b00600584d7d4b3d076677fe3.rtf
Size

13KB
Sample

230303-eynj2agb64
MD5

e65c722b00600584d7d4b3d076677fe3
SHA1

852f00f649d43f8df47d730a57ec07db9ce29a4d
SHA256

093aed8321e0c99537fde1bd8c9cd7e2bfef3fdcde9ddd5122f4d63665a9e602
SHA512

8fc290a555916e6da21b8611f15a31d47c7db5146d0fad302cb0cd520f8391b4be13cc3e60cda94b0810a679d34725be04386230b5f78723393df6d65371d0a4
SSDEEP

384:/TzQ7OauCOpdDuH+dmq3cP/HbjHcoKM3fyG6ZS9v:rz0OrCOpg+Mq3c3HtKVZS9v

Score

10^/10

purecrypter snakekeylogger collection downloader keylogger loader stealer

Static task

static1

Behavioral task

behavioral1

Sample

e65c722b00600584d7d4b3d076677fe3.rtf

Resource

win7-20230220-en

purecrypter snakekeylogger collection downloader keylogger loader stealer

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

e65c722b00600584d7d4b3d076677fe3.rtf

Resource

win10v2004-20230220-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://192.3.26.135/uo/Ksagb.png

Extracted

Family

snakekeylogger

Credentials

Protocol: smtp
Host:
us2.smtp.mailhostbox.com
Port:
587
Username:
[email protected]
Password:
doDHyw%0
Email To:
[email protected]

Targets

- Target
  
  e65c722b00600584d7d4b3d076677fe3.rtf
- Size
  
  13KB
- MD5
  
  e65c722b00600584d7d4b3d076677fe3
- SHA1
  
  852f00f649d43f8df47d730a57ec07db9ce29a4d
- SHA256
  
  093aed8321e0c99537fde1bd8c9cd7e2bfef3fdcde9ddd5122f4d63665a9e602
- SHA512
  
  8fc290a555916e6da21b8611f15a31d47c7db5146d0fad302cb0cd520f8391b4be13cc3e60cda94b0810a679d34725be04386230b5f78723393df6d65371d0a4
- SSDEEP
  
  384:/TzQ7OauCOpdDuH+dmq3cP/HbjHcoKM3fyG6ZS9v:rz0OrCOpg+Mq3c3HtKVZS9v
Score

10^/10

purecrypter snakekeylogger collection downloader keylogger loader stealer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecryptersnakekeyloggercollectiondownloaderkeyloggerloaderstealer

behavioral2

© 2018-2025

Terms | Privacy