Overview

overview

10

Static

static

10

new order.exe

windows7-x64

10

new order.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Updated PO-91487 New order to ship with RVM.img

  • Size

    56KB

  • Sample

    240603-kebc9ahb5s

  • MD5

    97a6dd826eea9091d20169b504f15f1a

  • SHA1

    473e56ad2bfbeb3ca2f01bdae5424fb61b955727

  • SHA256

    d7ae30a230e18273d634fb9a0ecb9fed694d66a5aaba71fb59d5eaa33e2a10bf

  • SHA512

    adf5e4f0851d6126cd016b2b043cba2646ab54c5f3234c60c5f262866ed4b6b2264062a32d0c4ad3483b5b88fb5ea65ad5dc0375fb4cc2ee0be1f435632064d9

  • SSDEEP

    96:5TntK+KmXi5aB+tFLbd58xd2nKFRa08rQzNt:Rnby5q+tVd58AmZIy

Score
10/10
purecryptercollectiondownloaderloaderpersistencespywarestealer

Malware Config

Extracted

Family

purecrypter

C2

http://155.94.210.73/ido.mp3

Targets

    • Target

      new order.exe

    • Size

      6KB

    • MD5

      805f8568083e83c0955f88e76d662d09

    • SHA1

      2b9fb2c42f4b2ca7210c7aadb1363a475355642b

    • SHA256

      713d9f0f4cda96491b1d757e354b08756fc2f67f2cc039b38566c9bb48f23f16

    • SHA512

      10ea6e19f5f93a11c720c9d3f88115402454d6bd01ade0a789d532e5a9e80c9eb9bf47ea1d830661b79c6fc168cabb670677ba18321fe3b6fa94c5d727a116f0

    • SSDEEP

      96:pntK+KmXi5aB+tFLbd58xd2nKFRa08rQzNt:hnby5q+tVd58AmZIy

    Score
    10/10
    purecryptercollectiondownloaderloaderpersistencespywarestealer

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

      loaderdownloaderpurecrypter

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks