General

  • Target

    LSCHaX for 1.67 [External] (Password=123).rar

  • Size

    6KB

  • Sample

    230625-wjkchaec79

  • MD5

    7d6a1d8aa78308651c8e2e2b2e3f8491

  • SHA1

    faebf6665f66147108d264c7b4be034b1932af08

  • SHA256

    458ef97a8cd1bcbc17760bed44765b5f8bddcce614725ae4e3eb3e194db72a18

  • SHA512

    1c22b79f3492983c52d765e4624cfdbf12dabd66659318cde2b0e6214125022030010d0747eeb992a6304dc7c297bb29893282091ae5e85f1566fff92ad01ff0

  • SSDEEP

    192:LN/Q7j0WlAoCdeD4BVOizn56WO/1rxrUptWmi:LN1zUD4j1znyrqtWmi

Malware Config

Extracted

Family

purecrypter

C2

http://botnetlogs.com/PureCrypter/panel/uploads/Ppnqsohgemm.mp3

Targets

    • Target

      LSCHaX for 1.67 [External].exe

    • Size

      12KB

    • MD5

      507fd3ff2f6e179dd26943c3b1015101

    • SHA1

      3220b92de9b791ba7c577986ca955832bdd91e0c

    • SHA256

      44403644c2944552b6d518ac015fc2097ac1bcced378e63e844309c78c8c590e

    • SHA512

      84cd66d8705715b1b6b3caba9b26b01ce1fc9fee632a234c3ecb69eb35b7879ba39f73c05816c48aaa14563dbee19145fe3bf1733d81ca82c8d755bee8018a70

    • SSDEEP

      192:CvjN676gtvCHxaNT/ALcGQ1hp3xR9F90mBRCXmod4BM4YQY:UxaNT/ALcDhxRb95CXmc4YQ

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Detected potential entity reuse from brand Microsoft.

    • Suspicious use of SetThreadContext
