purecrypter | SWIFT COPY[.]zip | Triage

Sharing

General

Target

SWIFT COPY.zip
Size

97KB
MD5

21b9892064e1419deb09bf8c0f63b2fd
SHA1

fcd63b451fd6ea7eed0783ee36fe8a9c28aa3d3d
SHA256

cedfc1f6d1dd50aea4cb43615c7d36d1f6caa1948452c2d0b366d16e024f5c36
SHA512

658198f3691a1b71be81f16d159bbe73b7c3ef291bf849a7082e2916e72e4a9e1bfb5568973ee2c279a09944236665fd53759a2a85b5e3d709920b39b2ba16a3
SSDEEP

3072:Srza3guUQwF8V9ZjRgNT/boCa8Iih2anbU:S3a3jwmg/kTFiPbU

Score

10^/10

purecrypter

Malware Config

Extracted

Family

purecrypter

C2

https://files.catbox.moe/gmiwb3.vdf

Signatures

Purecrypter family
purecrypter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Bdigncsrz.exe

Files

SWIFT COPY.zip
.zip
Bdigncsrz.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ