purecrypter

Sharing

Copy URL

Twitter E-mail

General

Target

Alex-2023-08-01-52-ransomware-samples (2).zip
Size

343KB
Sample

240101-qxjp8sbgfq
MD5

2a1fe9e74da9d2a717996414590d5b13
SHA1

fc8dc10b1f18d5ffb320419bd758aa17367c4856
SHA256

7529970855e64a5bef4c31b4670348e21810c56ccc1bfaba8ddfd50cf483b863
SHA512

1ceb6f2e35e2ccbbf861b133bf33f5f8cbe6eec7b0bbf1bee71dc2b6f1e8c4a202877e8efad82dfc801c32a487817febafcb6f842b5864b3a5610617d15a0c87
SSDEEP

6144:RBmiEaUTKuYGf4KplFOU6OIx7QIdy1Nzeg6+1z8Qs:RBc6N7kt66z2

Score

10^/10

Malware Config

Extracted

Family

purecrypter

http://80.66.75.116/Kkxdfj.dll

http://80.66.75.116/Qknmsxijajg.bmp

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://110.40.169.19:8080/taViSsz.exe

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://65.108.157.150/system.bat

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://80.66.75.37/p-Bxcrtduklp.exe

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ENYBENY.TXT

Ransom Note

#######ENYBENY REVENGE####### Great! You a member #Enybeny community, and all files have been encrypted! Encryption - reversible modification, created for protect all your files You can buy decryptor - price 0.00000001 BTC For decrypt contact with: [email protected] OR [email protected] Free decryption as guarantee (1 file, size not 1 mb) And for free(or not) decryption please send file: UniqueKEYForAdmin.EnyBenied.Information Please not delete this note! Good luck. And please check My Computer menu #######ENYBENY REVENGE####### P.S If you deletes all copies of key, after mailing ticket to Free (or not free) decryption, set text or subject:------BEGIN ENYBENY KEY-------484d534051385e5364642f496f38496f333d4c6c2a6a79346944316c55774958202d2041646d696e202d205842544c4442484e-------END ENYBENY KEY------

Emails

[email protected]

Extracted

Path

C:\PerfLogs\ENYBENY.TXT

Ransom Note

#######ENYBENY REVENGE####### Great! You a member #Enybeny community, and all files have been encrypted! Encryption - reversible modification, created for protect all your files You can buy decryptor - price 0.00000001 BTC For decrypt contact with: [email protected] OR [email protected] Free decryption as guarantee (1 file, size not 1 mb) And for free(or not) decryption please send file: UniqueKEYForAdmin.EnyBenied.Information Please not delete this note! Good luck. And please check My Computer menu #######ENYBENY REVENGE####### P.S If you deletes all copies of key, after mailing ticket to Free (or not free) decryption, set text or subject:------BEGIN ENYBENY KEY-------776f74556e3979326741774042722a576a675362777449517a38703542513739202d2041646d696e202d205453424b464a514d-------END ENYBENY KEY------

Emails

[email protected]

Targets

- Target
  
  Alex-2023-08-01-52-ransomware-samples (2).zip
- Size
  
  343KB
- MD5
  
  2a1fe9e74da9d2a717996414590d5b13
- SHA1
  
  fc8dc10b1f18d5ffb320419bd758aa17367c4856
- SHA256
  
  7529970855e64a5bef4c31b4670348e21810c56ccc1bfaba8ddfd50cf483b863
- SHA512
  
  1ceb6f2e35e2ccbbf861b133bf33f5f8cbe6eec7b0bbf1bee71dc2b6f1e8c4a202877e8efad82dfc801c32a487817febafcb6f842b5864b3a5610617d15a0c87
- SSDEEP
  
  6144:RBmiEaUTKuYGf4KplFOU6OIx7QIdy1Nzeg6+1z8Qs:RBc6N7kt66z2
Score

1^/10
behavioral1 behavioral2
- Target
  
  037f9434e83919506544aa04fecd7f56446a7cc65ee03ac0a11570cf4f607853
- Size
  
  45KB
- MD5
  
  d90c1152a25beae7612a1ee2e1caede5
- SHA1
  
  08c2247f37527cb4b0b14ce38f3a814c6d285717
- SHA256
  
  037f9434e83919506544aa04fecd7f56446a7cc65ee03ac0a11570cf4f607853
- SHA512
  
  3defc77e24c9b69f662a1cc1c25c251cb60f03da779731772ae7f39b017a3f1302f7b6bb09fd3ff8f7fb1bdcf0fe0a744067156efd9af226330ad8f5a1e280ce
- SSDEEP
  
  768:7HV510G1Uz65Y3u9c7iBgfWFI3DKJoX+xf:71eK
Score

1^/10
behavioral3 behavioral4
- Target
  
  05194b34f8ff89facdd7b56d05826b08edaec9c6e444bdc32913e02cab01afd4
- Size
  
  62KB
- MD5
  
  eec4cd9084e02c6c32cfb73f6d1362d6
- SHA1
  
  4791db1e3ba5215a8eec0c9c913e56512d6e64f8
- SHA256
  
  05194b34f8ff89facdd7b56d05826b08edaec9c6e444bdc32913e02cab01afd4
- SHA512
  
  4ae82d2ddc6739d143dc2f28a88b8a6ed37af90bab07d7eee3cf99eaa088e6d4d0dfcedc4e7d36181e3df91399ca5b1c685e2b2168dcac1b6dd56e8ef5c6e058
- SSDEEP
  
  1536:2RbrMvvejhi03B/qb9ky056c1kYrKYiK0GMYelC:6Bxibjcf1VrK00GMYN
Score

1^/10
behavioral5 behavioral6
- Target
  
  1285e648efbbeb50a2dddcd622a2230690975eb68cb05fdf0873ed3d359709ff
- Size
  
  9KB
- MD5
  
  cfdfaa60e53821c8adac6a3dd1b07b7d
- SHA1
  
  972e208a3392173b0d7195fc88fb9126426f1e63
- SHA256
  
  1285e648efbbeb50a2dddcd622a2230690975eb68cb05fdf0873ed3d359709ff
- SHA512
  
  ed636a358372b50670d538e1b8e27a988a42f6c98bd7473a7e26e55c2efabd7c067fdd53623e5a0b4501ae0e0e715843a851574f4b742c33ac000000eabf72cf
- SSDEEP
  
  192:RihHUYFK7cq6dBN213luSGZXCfwVlmSleemeZ07Yyy2e0gWwd7JifeGwlSu:khHUYFK7cqyM1alCf+lmSlebCPDb0g7Z
Score

3^/10
behavioral7
- Target
  
  159fbb0d04c1a77d434ce3810d1e2c659fda0a5703c9d06f89ee8dc556783614
- Size
  
  406B
- MD5
  
  f4a8bd1b15d01c9816d7b5bd4d02a2d0
- SHA1
  
  49abe60e1265fbc7b91f10f830bb8512c7c59339
- SHA256
  
  159fbb0d04c1a77d434ce3810d1e2c659fda0a5703c9d06f89ee8dc556783614
- SHA512
  
  b16464e12cc1e0b571d88176289e1727430c3c3a9f1c629bf81c4ef5c332ff192e67883fe03a6eae01ae2204358f864356655f3866b4c71b252507d940c5b02d
Score

1^/10
behavioral8 behavioral9
- Target
  
  1db1c4bf74d0aca8e06a007701899c93be174a9391a74f5258f03149a0e85efd
- Size
  
  9KB
- MD5
  
  2fa45bbf7a56ac599e8d5f216725c4fc
- SHA1
  
  26be72d9ff8848246062ac1d4be9493319abb49a
- SHA256
  
  1db1c4bf74d0aca8e06a007701899c93be174a9391a74f5258f03149a0e85efd
- SHA512
  
  21fdbef8a78f94cfe9af367c4c053ba1e05055af7dd026f3e7bd4d0bfb4c768b89c6c0a532f59e443aa851b7c14620e4b98127ec8d662c1318996b5770c3086c
- SSDEEP
  
  192:NEediGFFYv7OjsQNXAQFESwIBcDHbfDXWFYK1oz9ZZcJFtEj:NEe7FYTtoP0b01s9Z
Score

1^/10
behavioral10 behavioral11 behavioral12 behavioral13
- Target
  
  29dd920ac1453b5be12fcef5af45690dbbe625e985f6692e237a057e832937e5
- Size
  
  67KB
- MD5
  
  26838a257e64a6c6dfeb1d49f3fe114f
- SHA1
  
  105c02e87551ccdb00b27eb939dae094a418fa29
- SHA256
  
  29dd920ac1453b5be12fcef5af45690dbbe625e985f6692e237a057e832937e5
- SHA512
  
  6e71bc97e0d1d9d64f85e30d0c6a0cd8f8e9f503496962cda8a694fdd90930ccae289132aba2fbd61eefc782298399deacc20a49476a8775811191423c639174
- SSDEEP
  
  1536:diEmjO9wAM2Cq6Av4YHLV1zbYnGJ0+FonVZ4iD5aJxuNRj6W8Q:6UwAMQTv7p1zEG6+sVBKWR
Score

1^/10
behavioral14 behavioral15
- Target
  
  2001.exe
- Size
  
  138KB
- MD5
  
  b9272a777740d1b5796cc6eaf7eff252
- SHA1
  
  43526f39d742bb421ebe2514fa1e7bee2ec0f86d
- SHA256
  
  df93154c63aeea6a56d0f2b4c89d424f38897c2a43d756495efa4cfa69f87aa4
- SHA512
  
  2e19dd25e46400878b6fcecceb8a7f650a996e47f8b785f3a63e640710951a4a8fe6991842879d1959b65f59f25ccefc76b39bd9d46fa62e3acb5d5a481544bc
- SSDEEP
  
  3072:1ZO75plD368W/5SeiLHpV3IhzfW+3g70XdlqgDuYUB/vemeeCLdJLVd:1C5px3HW/3iLHpV4hzu+jd7uYU5JexTd
Score

9^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (248) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral16 behavioral17
- Target
  
  2bb60b1a8a0a1ee7c5eb44306f6007891ff95c39b851f74ec609481e0dd08321
- Size
  
  40KB
- MD5
  
  15a1836e659344283f44f9c5125d8083
- SHA1
  
  cc175e5e55a15df5c6bcae29f7b959df0fa811ef
- SHA256
  
  2bb60b1a8a0a1ee7c5eb44306f6007891ff95c39b851f74ec609481e0dd08321
- SHA512
  
  9ff4161ec61881d522970f5b242d724ef17397ca4fac53fa6ce56e6dd0aa8cde88ace4037d22d91e389be0f91d78af132b727dff08baff0e902922c4700d3fdc
- SSDEEP
  
  768:zM+tyzOFqhepP6cRtfi/z/gUTmPo7ZZcflOhWzp6QOE4ItEXIeAWU:zcqqMF6Oa/p8flOhWzp6QOE4ItEVAWU
Score

10^/10

ransomware spyware stealer
- Renames multiple (142) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral18 behavioral19
- Target
  
  6698f8ffb7ba04c2496634ff69b0a3de9537716cfc8f76d1cfea419dbd880c94
- Size
  
  35KB
- MD5
  
  d330be610005fd3f584e0386fd03aa90
- SHA1
  
  a51661f21400841374cca6828eef190221132eea
- SHA256
  
  6698f8ffb7ba04c2496634ff69b0a3de9537716cfc8f76d1cfea419dbd880c94
- SHA512
  
  986516917f9c60679b9c1e82c7721ef5cb3fa9122cca82d67d6c24e6d36e90b7ca14395d9ad9392a778c46c2f270c232a1d548361196ba2e3f9bb1ec5466621f
- SSDEEP
  
  192:X/akS5/akS6/akSz/akSU/akS1/akSG/akSP/akSg/akSB/akSi/akS7/akSc/ap:XYz61UPGBg7i9c3uJoDe3FkfefwLf
Score

1^/10
behavioral20 behavioral21
- Target
  
  6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e
- Size
  
  34KB
- MD5
  
  67fd732ee69588cb09b316346bc61ee1
- SHA1
  
  f40f54c139277019cf58ef57469af6794bed7e94
- SHA256
  
  6c109d098a1f44017f3937a71628d9dbd4d2ca8aa266656ee4720c37cc31558e
- SHA512
  
  7ac8e75dad8145c99e5cfa5581d4044bbdb69a86e51102f32625f491ece716484a8e3b4a6d6dfd5d541ebb11eaaa4f19aaeaa6624eaef8ba3defa41c5544863b
- SSDEEP
  
  768:tJ1Y2317XpwE3sKfkCbJokUP/W1BqpBo/P6:tJ1N71D6xP/WLq8P6
Score

10^/10

purecrypter downloader loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
behavioral22 behavioral23
- Target
  
  70d176272ef4e088bbaf2f1db5658131e2b99bdb5c2a2f89bb522c900d8a2def
- Size
  
  15KB
- MD5
  
  0f55c5a3c42d6d6ccfc2957d74ff6eb2
- SHA1
  
  6d009b602c68c4d9f0ecd60e4674178fd8e1d01c
- SHA256
  
  70d176272ef4e088bbaf2f1db5658131e2b99bdb5c2a2f89bb522c900d8a2def
- SHA512
  
  32d8bb7b042ed7a4d4acf68511fc0d60c2dc7a344717c42ab3cff13021587bdffa1fad144730a43903a24e3a1231b0fc8c3827d0b071cc6524e914cd696f9e0a
- SSDEEP
  
  192:2kCQVNg0hyIEV8axM/7/iqZ4+CI8S5yzrMXeyOo8ycUa4lgUCRM07YZfyp:2khV6TOecfwS58rMOH0a4lXCuBfy
Score

1^/10
behavioral24 behavioral25
- Target
  
  742d89c0c1e345a4b2197f3e25b293d7126acfaf954c99243047a6c07003f5a1
- Size
  
  17KB
- MD5
  
  84b23f8b1b69b63e1b9346e04497db18
- SHA1
  
  b52af4d6fca714422f2106ed91bf3c3630943f8c
- SHA256
  
  742d89c0c1e345a4b2197f3e25b293d7126acfaf954c99243047a6c07003f5a1
- SHA512
  
  2d4447f9a8b4d0518a7dbef4da97ac83e4842747b1bfd38535176a4c7d647c9b8b18170befa7e6ba726253589776011d8218bd1d6224f8ffb9488c8e98aeb207
- SSDEEP
  
  384:Q6wPhfhFsk1toM0nw1m4NUQDB1OjE56vvNd5ffffsoI:Q6wPhfhFFDQw193Wa
Score

9^/10

ransomware
- Renames multiple (388) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops desktop.ini file(s)
behavioral26 behavioral27
- Target
  
  75cd1339c8bd95dd4340bb8be524ec098fd18a80c242e0e0f8da3bbbccd641bc
- Size
  
  11KB
- MD5
  
  d1337245efddc6867dc28cfb9374f136
- SHA1
  
  e8b8099ddf63e33fa8d45de9bd226905625b6731
- SHA256
  
  75cd1339c8bd95dd4340bb8be524ec098fd18a80c242e0e0f8da3bbbccd641bc
- SHA512
  
  9efa5b3127ec29a7f93328fce66c0b11206f8fa0786370465aff993cc91cb5b980babaf0c95cdc8df2bd3091bf2d808b33532ae840575c4afc5a2ee2c233eed4
- SSDEEP
  
  192:TtFFjD0sUvAdp0Kq7olDY6A+bUiFyLcIh5g1GoeHU0DFdK:TB0sU4dOKMopkqiow5g1GoeHNFdK
Score

1^/10
behavioral28 behavioral29
- Target
  
  Dimples#1337.jar
- Size
  
  12KB
- MD5
  
  19b897189026d49c29a1a303002e54e5
- SHA1
  
  f12cd214c788b106911375d9493b8ea56f66a7d0
- SHA256
  
  6bb94a0e12a66ba7bd5423e56ee2ebe98fcd6dbd863e7010046a8696e79e2202
- SHA512
  
  f4e739e60ef616d04fad8f34e39fab2ea4cc11e7410a692688af16cf4ffda1e491fb2e9812e2ad6dbd8e4f5fc006c3faa1ca0342c3494619664be324f5dbfc83
- SSDEEP
  
  384:JgqZQndriK1tx9SjbP6peJzb8lbXJQTmj:mqOdpx9sbzZAj6Tmj
Score

7^/10

discovery
- Modifies file permissions
  discovery
behavioral30 behavioral31
- Target
  
  832e563eb312cfaa4dba012f2350e188be5ed6f62eab38b209f4abe7dc0cee4c
- Size
  
  2KB
- MD5
  
  1c17bf743619eb5ea4961ba09a578a71
- SHA1
  
  27766f585fc68bde9b72939a9d658876234ec367
- SHA256
  
  832e563eb312cfaa4dba012f2350e188be5ed6f62eab38b209f4abe7dc0cee4c
- SHA512
  
  6d90f2a9ffa83ba9d6e5dcd999f5a98973fee008701ed15b1bcab791c68275e5ff1245df16844e283f572ea9a9d09592cde26b46a0fca7abb842cb973e144e02
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Deletes shadow copies

Renames multiple (248) files with added filename extension

Enumerates connected drives

Renames multiple (142) files with added filename extension

Drops startup file

Reads user/profile data of web browsers

Renames multiple (388) files with added filename extension

Drops desktop.ini file(s)

Modifies file permissions

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32