purecrypter | 3fcb840d5e65fc86ed5637bdcbab0ecde764d360ebe18a5e5d6795811dc1c622 | Triage

Sharing

General

Target

202311218800-INV62009HX66549.scr.exe
Size

14KB
Sample

231122-ze99xafb9w
MD5

19395fea893e3dcea476504227d56be6
SHA1

f86b35526cd61c8aab3911b11ca692225e341906
SHA256

3fcb840d5e65fc86ed5637bdcbab0ecde764d360ebe18a5e5d6795811dc1c622
SHA512

567acf5e2be2482d923142c3bd574f79475abdcfd9f63768bfe5632fe43b9ebfde3b7865c2d1971eb922686deeac4322d1c627329c96621b0c3b31940586d724
SSDEEP

192:Uebp41yqqdcA32GG0s4LqVrTC+xV/knQi1oo79ED607RQ:UeboyqCZ2GGOLqVTfknQyMR

Score

10^/10

purecrypter collection downloader loader persistence spyware stealer

Malware Config

Extracted

Family

purecrypter

C2

https://teleturismo.it/wp-includes/Tzvgdu.vdf

Targets

- Target
  
  202311218800-INV62009HX66549.scr.exe
- Size
  
  14KB
- MD5
  
  19395fea893e3dcea476504227d56be6
- SHA1
  
  f86b35526cd61c8aab3911b11ca692225e341906
- SHA256
  
  3fcb840d5e65fc86ed5637bdcbab0ecde764d360ebe18a5e5d6795811dc1c622
- SHA512
  
  567acf5e2be2482d923142c3bd574f79475abdcfd9f63768bfe5632fe43b9ebfde3b7865c2d1971eb922686deeac4322d1c627329c96621b0c3b31940586d724
- SSDEEP
  
  192:Uebp41yqqdcA32GG0s4LqVrTC+xV/knQi1oo79ED607RQ:UeboyqCZ2GGOLqVTfknQyMR
Score

10^/10

purecrypter downloader loader collection persistence spyware stealer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloader

behavioral2

purecryptercollectiondownloaderloaderpersistencespywarestealer