purecrypter | ef76306c22da2d0636a17d5b9b7e5dd895f507bcc186e1ac025e50d1cb8e90c3 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

ef76306c22da2d0636a17d5b9b7e5dd895f507bcc186e1ac025e50d1cb8e90c3
Size

19KB
Sample

230725-jbbzyabd54
MD5

24f7c61116bfe868c1975f5547c2dce6
SHA1

1dc1965d2b31b8179106953f019cf92bad4cbc9c
SHA256

ef76306c22da2d0636a17d5b9b7e5dd895f507bcc186e1ac025e50d1cb8e90c3
SHA512

f2baddae18f88d46faf54b7ff2d66a1105b9d10c0c4162407b2e77ea18d8a040ac72599f9f648923b773cf9067f4041420abfe272e86b99160f45cbb4b7463ee
SSDEEP

384:Z/f4LIB4GY6Wjy86ysDt2evcYNIFaU4AXg89S+:Z34kCt6Qy86pD01++

Score

10^/10

purecrypter rhadamanthys collection downloader loader stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ef76306c22da2d0636a17d5b9b7e5dd895f507bcc186e1ac025e50d1cb8e90c3.exe

Resource

win10-20230703-en

purecrypter rhadamanthys collection downloader loader stealer

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://cleaning.homesecuritypc.com/packages/Cndsqziiveg.mp4

Targets

- Target
  
  ef76306c22da2d0636a17d5b9b7e5dd895f507bcc186e1ac025e50d1cb8e90c3
- Size
  
  19KB
- MD5
  
  24f7c61116bfe868c1975f5547c2dce6
- SHA1
  
  1dc1965d2b31b8179106953f019cf92bad4cbc9c
- SHA256
  
  ef76306c22da2d0636a17d5b9b7e5dd895f507bcc186e1ac025e50d1cb8e90c3
- SHA512
  
  f2baddae18f88d46faf54b7ff2d66a1105b9d10c0c4162407b2e77ea18d8a040ac72599f9f648923b773cf9067f4041420abfe272e86b99160f45cbb4b7463ee
- SSDEEP
  
  384:Z/f4LIB4GY6Wjy86ysDt2evcYNIFaU4AXg89S+:Z34kCt6Qy86pD01++
Score

10^/10

purecrypter rhadamanthys collection downloader loader stealer
- Detect rhadamanthys stealer shellcode
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Rhadamanthys
  Rhadamanthys is an info stealer written in C++ first seen in August 2022.
  stealer rhadamanthys
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterrhadamanthyscollectiondownloaderloaderstealer

© 2018-2025

Terms | Privacy