purecrypter | 15993026ade985e2d41f8f8d6d60179901f2d5be4515870c1c4030f78466dbb0 | Triage

Submit
Reports

Overview

overview

Static

static

$RECYCLE.B...3D.exe

windows7-x64

$RECYCLE.B...3D.exe

windows10-2004-x64

$RECYCLE.B...L8H.js

windows7-x64

1

$RECYCLE.B...L8H.js

windows10-2004-x64

1

$RECYCLE.B...PRW.js

windows7-x64

1

$RECYCLE.B...PRW.js

windows10-2004-x64

1

$RECYCLE.B...R2U.js

windows7-x64

1

$RECYCLE.B...R2U.js

windows10-2004-x64

1

$RECYCLE.B...VCX.js

windows7-x64

1

$RECYCLE.B...VCX.js

windows10-2004-x64

1

$RECYCLE.B...3D.exe

windows7-x64

$RECYCLE.B...3D.exe

windows10-2004-x64

$RECYCLE.B...L8H.js

windows7-x64

$RECYCLE.B...L8H.js

windows10-2004-x64

$RECYCLE.B...PRW.js

windows7-x64

$RECYCLE.B...PRW.js

windows10-2004-x64

$RECYCLE.B...R2U.js

windows7-x64

$RECYCLE.B...R2U.js

windows10-2004-x64

$RECYCLE.B...VCX.js

windows7-x64

$RECYCLE.B...VCX.js

windows10-2004-x64

Tb2_paymen...df.vbs

windows7-x64

8

Tb2_paymen...df.vbs

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

$RECYCLE.BIN/$I40P23D.exe

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

$RECYCLE.BIN/$I40P23D.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

$RECYCLE.BIN/$I4FIL8H.js

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

$RECYCLE.BIN/$I4FIL8H.js

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

$RECYCLE.BIN/$I5VEPRW.js

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

$RECYCLE.BIN/$I5VEPRW.js

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

$RECYCLE.BIN/$IMH8R2U.js

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

$RECYCLE.BIN/$IMH8R2U.js

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

$RECYCLE.BIN/$INQFVCX.js

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

$RECYCLE.BIN/$INQFVCX.js

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

$RECYCLE.BIN/$R40P23D.exe

Resource

win7-20230220-en

purecrypter downloader loader

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral12

Sample

$RECYCLE.BIN/$R40P23D.exe

Resource

win10v2004-20230220-en

purecrypter downloader loader

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral13

Sample

$RECYCLE.BIN/$R4FIL8H.js

Resource

win7-20230220-en

vjw0rm persistence trojan worm

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral14

Sample

$RECYCLE.BIN/$R4FIL8H.js

Resource

win10v2004-20230220-en

vjw0rm persistence trojan worm

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral15

Sample

$RECYCLE.BIN/$R5VEPRW.js

Resource

win7-20230220-en

vjw0rm persistence trojan worm

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral16

Sample

$RECYCLE.BIN/$R5VEPRW.js

Resource

win10v2004-20230220-en

vjw0rm persistence trojan worm

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral17

Sample

$RECYCLE.BIN/$RMH8R2U.js

Resource

win7-20230220-en

vjw0rm persistence trojan worm

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral18

Sample

$RECYCLE.BIN/$RMH8R2U.js

Resource

win10v2004-20230220-en

vjw0rm persistence trojan worm

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral19

Sample

$RECYCLE.BIN/$RNQFVCX.js

Resource

win7-20230220-en

vjw0rm persistence trojan worm

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral20

Sample

$RECYCLE.BIN/$RNQFVCX.js

Resource

win10v2004-20230221-en

vjw0rm persistence trojan worm

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral21

Sample

Tb2_payment_receipt_pdf.vbs

Resource

win7-20230220-en

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral22

Sample

Tb2_payment_receipt_pdf.vbs

Resource

win10v2004-20230220-en

guloader downloader persistence

windows10-2004-x64

20 signatures

150 seconds

General

Target

15993026ade985e2d41f8f8d6d60179901f2d5be4515870c1c4030f78466dbb0
Size

295KB
MD5

dd21f8249db2858aa4c85c12e71b55cc
SHA1

b9fe37ee982168ef16639bb1cc65ee4137fe7c9f
SHA256

15993026ade985e2d41f8f8d6d60179901f2d5be4515870c1c4030f78466dbb0
SHA512

e08ef8f15a9ecbf674c0db5f2a956e39e9f894cd55388a6c8f2cc94dedc6296da6c19e22a282c9ec96b1be3289faf425310dcb30d18b4b2ac763b3537946675b
SSDEEP

1536:FW3JRZLzBJ5wGq4up0KjIko1EnTJgOiAOqZ8RzrWWmBSwGjols/ZL4vUNr:FWVzBJ5wGqpjIko1EVzGlfwGnJXr

Score

10^/10

purecrypter

Malware Config

Extracted

Family

purecrypter

C2

https://ashaambulanceservice.com/Vuzbri.bmp

Signatures

Purecrypter family
purecrypter

Files

15993026ade985e2d41f8f8d6d60179901f2d5be4515870c1c4030f78466dbb0
.zip
Tb2_Payment_receipt_Pdf.vhd
.vhd
$RECYCLE.BIN/$I40P23D.exe
$RECYCLE.BIN/$I4FIL8H.js
$RECYCLE.BIN/$I5VEPRW.js
$RECYCLE.BIN/$IMH8R2U.js
$RECYCLE.BIN/$INQFVCX.js
$RECYCLE.BIN/$R40P23D.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$RECYCLE.BIN/$R4FIL8H.js
.js
$RECYCLE.BIN/$R5VEPRW.js
.js
$RECYCLE.BIN/$RMH8R2U.js
.js
$RECYCLE.BIN/$RNQFVCX.js
.js
$RECYCLE.BIN/desktop.ini
System Volume Information/WPSettings.dat
Tb2_payment_receipt_pdf.vbs
.vbs

© 2018-2025

Terms | Privacy