purecrypter

Sharing

Copy URL

Twitter E-mail

General

Target

PRODUCT_Panty_Poof.rar
Size

343KB
Sample

240214-rz4c4adc8t
MD5

6239eb34bd68418e0875367464ad42c3
SHA1

65a6c0afd708b904c2448f54017a461862c5b019
SHA256

2deae5346696feed6b2cce57eb002e5fac09734e8a0e888cba0935d00d50036e
SHA512

557a3e1c98406aec969f34d43d7bf73f90de0bbbb945c004060ee3bf012c64aa803572eb389a4f46a1f9cdeda794622e3e3c2188e8d05330d186aeb92dc33a50
SSDEEP

6144:CYW9DP5pSgVlCOhNImhtRJY/NP5Mp3cN3znVHRysAMROxgh/APL+ER6CkXFSKqWW:+9DP58gvCOhSmhu/NP55dlnjRKgWL+E1

Score

10^/10

Malware Config

Extracted

Family

purecrypter

https://cdn.discordapp.com/attachments/997814360636391555/1031517343848878110/Tptzutsjt.jpeg

Targets

- Target
  
  PRODUCT_Panty_Poof.rar
- Size
  
  343KB
- MD5
  
  6239eb34bd68418e0875367464ad42c3
- SHA1
  
  65a6c0afd708b904c2448f54017a461862c5b019
- SHA256
  
  2deae5346696feed6b2cce57eb002e5fac09734e8a0e888cba0935d00d50036e
- SHA512
  
  557a3e1c98406aec969f34d43d7bf73f90de0bbbb945c004060ee3bf012c64aa803572eb389a4f46a1f9cdeda794622e3e3c2188e8d05330d186aeb92dc33a50
- SSDEEP
  
  6144:CYW9DP5pSgVlCOhNImhtRJY/NP5Mp3cN3znVHRysAMROxgh/APL+ER6CkXFSKqWW:+9DP58gvCOhSmhu/NP55dlnjRKgWL+E1
Score

10^/10

purecrypter downloader loader spyware stealer
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  PRODUCT Panty Poof/FASTEST SPOOFING METHOD FOR RAGING CHEATING REMOVES VAN152.txt
- Size
  
  333B
- MD5
  
  3ba32eaf6a25fe856062a2131ceb3b41
- SHA1
  
  c477672b3aca791729fa4150a164b85e2b039711
- SHA256
  
  2d92f99676eebf5bdca9ca9ed0cfbd6546594cc7e12cbc4b5ee8d31f92204ca3
- SHA512
  
  5fa111b38b1bc19d959f5add9368b39a9b03fd034119a66b8c65410689a73954d5546f24ca3a044b77d3db27daa0597234b6602710e4d1dd80a61c97c8056418
Score

1^/10
behavioral3 behavioral4
- Target
  
  PRODUCT Panty Poof/FULL SPOOFING INSTRUCTIONS.txt
- Size
  
  593B
- MD5
  
  a933771406a25f8aa159e0bdacfe8e53
- SHA1
  
  7f681d13eeeaaa9ee92854f5c54b02897610bbd4
- SHA256
  
  752fcbcce3630e2f37af44f7a7cf63924d049f91be018a12cfe81162d6de4343
- SHA512
  
  650ed59acd0e297ef1c1d3e4f69794907e9087662c64946ba56a332cd512912b1cf4ca34792effd0fec12e78693a1d052577962742e05f5a5a5e26ecbee801e3
Score

1^/10
behavioral5 behavioral6
- Target
  
  PRODUCT Panty Poof/SPOOFER LOADER.exe
- Size
  
  895KB
- MD5
  
  512a21a95db27f67bbf385b4b68f6aa8
- SHA1
  
  c5ab6cced5b8f146f3a0296532e59d0c5a3ae0ea
- SHA256
  
  ac6ee3886816b257e372a5b7b54ff006c2125f523b04e75d8c531b0a8c81c81d
- SHA512
  
  f4b45aee392d373abd026462bafdad38a37300c8db52d707f572b3fff8ee8a140c6fe514fc55d5257e9d225d1e29b57adc55b9f5408743e25d620c32512e9c07
- SSDEEP
  
  24576:mrovWp6faeGgjjsrdcAONdA22xVK8LRPo4WDD9/wr9WTEHd3:FvWECQn/m
Score

10^/10

purecrypter downloader loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops file in System32 directory
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Drops file in System32 directory

PureCrypter

Checks computer location settings

Executes dropped EXE

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8