purecrypter | nPayment-Details[.]xz | Triage

Sharing

General

Target

nPayment-Details.xz
Size

46KB
MD5

6eb1ef43c9ecc1a86897ffdb162aaa43
SHA1

55199f50d968248e0678a35cdf0a6890e08d29ae
SHA256

7cbf369e9b8fee8321e8c74e96128179f42d53e00d41eff07f97e872b945db0a
SHA512

a3c4f55c264f12c2872b518ef0a4e9cebf5d851bc912fdcfcefdbdba941462b116de139f5fc65040bf59be7d44bf8480880af70dd3d82fbc4c9a88f3ec55bd10
SSDEEP

768:w6OxmG9tXZ1O9eGYKKlmPkyaShdMv60toTzo83q0P+B6oaPMfFlf:A39BZYDImPka5TN3qs7MfFB

Score

10^/10

purecrypter

Malware Config

Extracted

Family

purecrypter

C2

https://etehadshipping.com/chmod permission 777/panel/Uslmwziyya.vdf

Signatures

Purecrypter family
purecrypter

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Payment-Details/Payment-Details.scr

Files

nPayment-Details.xz
.rar
Payment-Details/Payment-Details.scr
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ