purecrypter | 261a3d632d4b42abe4ff190b7c39feaeabc7405c790f2b7c25de0678f77ff4a3 | Triage

Submit
Reports

Overview

overview

Static

static

1

Moto Parts...cs.xls

windows7-x64

Moto Parts...cs.xls

windows10-2004-x64

1

Sharing

General

Target

Moto Parts Specifications 10000pcs.xls
Size

280KB
Sample

240606-r9ahrsff5w
MD5

8c5389452b99db45d0950da9e78f979c
SHA1

037c5e32e127136e230392048e2a45bc68fd9aef
SHA256

261a3d632d4b42abe4ff190b7c39feaeabc7405c790f2b7c25de0678f77ff4a3
SHA512

d7b6c1f864bdc7fbc67dbcacb26c5186bbc44c4448d7de7253616b81e48227dbea0b9eb9fb3947d7851e48a429f1c188aaccde67e4b9f3110c280dd7989c6d0e
SSDEEP

6144:NqFzL5LIT47HuES6/dvL0DS6n9oOfpRKf/saZ/V/6:NqFzu4LFXvoGY7Kf/5/

Score

10^/10

purecrypter downloader loader

Static task

static1

Behavioral task

behavioral1

Sample

Moto Parts Specifications 10000pcs.xls

Resource

win7-20240419-en

purecrypter downloader loader

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

Moto Parts Specifications 10000pcs.xls

Resource

win10v2004-20240508-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

https://www1.militarydefensenow.com/Stay/Vdopcuygit.vdf

Targets

- Target
  
  Moto Parts Specifications 10000pcs.xls
- Size
  
  280KB
- MD5
  
  8c5389452b99db45d0950da9e78f979c
- SHA1
  
  037c5e32e127136e230392048e2a45bc68fd9aef
- SHA256
  
  261a3d632d4b42abe4ff190b7c39feaeabc7405c790f2b7c25de0678f77ff4a3
- SHA512
  
  d7b6c1f864bdc7fbc67dbcacb26c5186bbc44c4448d7de7253616b81e48227dbea0b9eb9fb3947d7851e48a429f1c188aaccde67e4b9f3110c280dd7989c6d0e
- SSDEEP
  
  6144:NqFzL5LIT47HuES6/dvL0DS6n9oOfpRKf/saZ/V/6:NqFzu4LFXvoGY7Kf/5/
Score

10^/10

purecrypter downloader loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Blocklisted process makes network request
- Downloads MZ/PE file
- Abuses OpenXML format to download file from external location
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterdownloaderloader

behavioral2

© 2018-2025

Terms | Privacy