purecrypter

General

Target

Everything-1.4.1.1024.x64-Setup.exe
Size

1.8MB
Sample

240622-wq6t3sscjl
MD5

5036e609163e98f3ac06d5e82b677df8
SHA1

176db10a4cda7104f24eece2d87e1a664b7fb929
SHA256

b2afe799584c913532c673f99ade45113bf5a5b605a964ce9fa837f563b6fc21
SHA512

40c4332e2e4132fc7f3a5f0738a67e7725b329c4a4b0643fbc65f5d1de3ca4b6bf7374c2a722ea05f01a5e2ddd458344289fdb39bbb092a0b64e63eb168313e4
SSDEEP

49152:W45XjhjuyXlt4+3oNBGsCornEsYwmve86irCrHEOP:W45XtjLVt4tJ/pmNHerv

Score

10^/10

Malware Config

Extracted

Family

purecrypter

C2

https://360.asesoriaenfarmacias.com/Jhacc.dat

Targets

- Target
  
  Everything-1.4.1.1024.x64-Setup.exe
- Size
  
  1.8MB
- MD5
  
  5036e609163e98f3ac06d5e82b677df8
- SHA1
  
  176db10a4cda7104f24eece2d87e1a664b7fb929
- SHA256
  
  b2afe799584c913532c673f99ade45113bf5a5b605a964ce9fa837f563b6fc21
- SHA512
  
  40c4332e2e4132fc7f3a5f0738a67e7725b329c4a4b0643fbc65f5d1de3ca4b6bf7374c2a722ea05f01a5e2ddd458344289fdb39bbb092a0b64e63eb168313e4
- SSDEEP
  
  49152:W45XjhjuyXlt4+3oNBGsCornEsYwmve86irCrHEOP:W45XtjLVt4tJ/pmNHerv
Score

10^/10

purecrypter bankofmontreal discovery downloader execution loader persistence phishing privilege_escalation spyware stealer
- Detected bankofmontreal phishing page
  phishing bankofmontreal
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral1
- Target
  
  $PLUGINSDIR/Everything/Everything.exe
- Size
  
  2.2MB
- MD5
  
  0170601e27117e9639851a969240b959
- SHA1
  
  7a4aee1910b84c6715c465277229740dfc73fa39
- SHA256
  
  35cefe4bc4a98ad73dda4444c700aac9f749efde8f9de6a643a57a5b605bd4e7
- SHA512
  
  3c24fa02621b78c5ddaf1ad9523045e9fa7ccc02d85a0342e8faafc31be2a3154558d3cefcd9ae8721973fb01450ab36e6bb75a1b95fcc485a4b919f20a2202f
- SSDEEP
  
  49152:GQdoNDZW77g1h0lv3o4MyTW+sWxXigRRlmrK:GQf75A4P9Fo+
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  ece25721125d55aa26cdfe019c871476
- SHA1
  
  b87685ae482553823bf95e73e790de48dc0c11ba
- SHA256
  
  c7fef6457989d97fecc0616a69947927da9d8c493f7905dc8475c748f044f3cf
- SHA512
  
  4e384735d03c943f5eb3396bb3a9cb42c9d8a5479fe2871de5b8bc18db4bbd6e2c5f8fd71b6840512a7249e12a1c63e0e760417e4baa3dc30f51375588410480
- SSDEEP
  
  384:EXsC43tPegZ3eBaRwCPOYY7nNYXC06/Yosa:EXJTgZ3eBTCmrnNA5p
Score

3^/10
behavioral3
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  68b287f4067ba013e34a1339afdb1ea8
- SHA1
  
  45ad585b3cc8e5a6af7b68f5d8269c97992130b3
- SHA256
  
  18e8b40ba22c7a1687bd16e8d585380bc2773fff5002d7d67e9485fcc0c51026
- SHA512
  
  06c38bbb07fb55256f3cdc24e77b3c8f3214f25bfd140b521a39d167113bf307a7e8d24e445d510bc5e4e41d33c9173bb14e3f2a38bc29a0e3d08c1f0dca4bdb
- SSDEEP
  
  48:S46+/nTKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mFofjLl:zFuPbOBtWZBV8jAWiAJCdv2Cm0L
Score

3^/10
behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  cff85c549d536f651d4fb8387f1976f2
- SHA1
  
  d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
- SHA256
  
  8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
- SHA512
  
  531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
- SSDEEP
  
  192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr
Score

3^/10
behavioral5