purecrypter

General

Target

Yoelcvrbdj.exe
Size

19KB
Sample

230601-mrnv8adh22
MD5

e0848154f754c0cb4d9fce30e73d258c
SHA1

d854344383ac3fb8a6c81653df97dfb6ba47d7e0
SHA256

17e813ed934ac345e4b9b9384aaff9e5b7a20b4efc8f75ef784f06bde2420b2d
SHA512

4a9ea4ac5bf64494f0afdfe636397edfdb425329647aef7e8cc757e1794b350d90d7a10e839f52687364e605fcc7095d91890aa1d99cd1fe3820ac9e5946581e
SSDEEP

384:Fzf4L7L/YLpr71JdWUyLJiCI5HNPNZJ9afejI:G//M3iJ/Ij8

Score

10^/10

Malware Config

Extracted

Family

purecrypter

C2

https://cdn.discordapp.com/attachments/1113754118750752801/1113762519178285166/Khdovdpst.bmp

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot5996089921:AAFFEnbgTY8Gt8G5jJy6llKhDg_Ha193t7c/sendMessage?chat_id=2054148913

Targets

- Target
  
  Yoelcvrbdj.exe
- Size
  
  19KB
- MD5
  
  e0848154f754c0cb4d9fce30e73d258c
- SHA1
  
  d854344383ac3fb8a6c81653df97dfb6ba47d7e0
- SHA256
  
  17e813ed934ac345e4b9b9384aaff9e5b7a20b4efc8f75ef784f06bde2420b2d
- SHA512
  
  4a9ea4ac5bf64494f0afdfe636397edfdb425329647aef7e8cc757e1794b350d90d7a10e839f52687364e605fcc7095d91890aa1d99cd1fe3820ac9e5946581e
- SSDEEP
  
  384:Fzf4L7L/YLpr71JdWUyLJiCI5HNPNZJ9afejI:G//M3iJ/Ij8
Score

10^/10

purecrypter snakekeylogger collection downloader keylogger loader stealer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Snake Keylogger

Snake Keylogger payload

Checks computer location settings

Accesses Microsoft Outlook profiles

Looks up external IP address via web service

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2