General

  • Target

    89f6a3e0a694c061bdf9286c3fea4223dc25ce92f5e44caac37803af104a92dc.xls

  • Size

    408KB

  • Sample

    240605-b8wrlsaf6s

  • MD5

    dd879dd94f21390ba67b8d21901d352a

  • SHA1

    9e51c02883b1e9822756e52c40cd62e0f47666a4

  • SHA256

    89f6a3e0a694c061bdf9286c3fea4223dc25ce92f5e44caac37803af104a92dc

  • SHA512

    299a94ec13febd50cea534c77642bc301b2e9c9d6621dddaf00cc4e958a2662ebbf158c25791d73bb3192963ffdd53c57561754bea466cd4955b4f52639ebd50

  • SSDEEP

    12288:EqFzu4Lj7aF1C/p3m5tCD5+0ZDYryCkzu2lves:9zu4Ljm3CR1ZDYr21hf

Malware Config

Extracted

Family

purecrypter

C2

https://theloftibiza.com/wp-includes/Eofmqlm.vdf

Targets

    • Target

      89f6a3e0a694c061bdf9286c3fea4223dc25ce92f5e44caac37803af104a92dc.xls

    • Size

      408KB

    • MD5

      dd879dd94f21390ba67b8d21901d352a

    • SHA1

      9e51c02883b1e9822756e52c40cd62e0f47666a4

    • SHA256

      89f6a3e0a694c061bdf9286c3fea4223dc25ce92f5e44caac37803af104a92dc

    • SHA512

      299a94ec13febd50cea534c77642bc301b2e9c9d6621dddaf00cc4e958a2662ebbf158c25791d73bb3192963ffdd53c57561754bea466cd4955b4f52639ebd50

    • SSDEEP

      12288:EqFzu4Lj7aF1C/p3m5tCD5+0ZDYryCkzu2lves:9zu4Ljm3CR1ZDYr21hf

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Abuses OpenXML format to download file from external location

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks