purecrypter

General

Target

047528fe2e0b207d93b51f21109eea05ece9bec290c8ddf22a09301bf262735a
Size

2.6MB
Sample

241109-clzqesveqq
MD5

9814a046255e18128a7605b718efca93
SHA1

5d83e5f3931720fce6ccb43186391f3114124679
SHA256

047528fe2e0b207d93b51f21109eea05ece9bec290c8ddf22a09301bf262735a
SHA512

bf2f9346bc2296542ae6818df770ad922034e40eb35928c513189edb81df52a7f6b8f53b0b645785902c8ed30f2f578a5361d8bb6ebb8883d5d5f794d3bb20f0
SSDEEP

49152:3mJQWFAlO5SRY8mYzbNKrFtbrR4S2EypQ2QbQQ69cE:2HAOTYvYbDypQ2QbOF

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

new

C2

194.87.71.146:49144

Attributes

auth_value
4c1607b6fe3d7ff96ea7cf54c0ad912c

Targets

- Target
  
  047528fe2e0b207d93b51f21109eea05ece9bec290c8ddf22a09301bf262735a
- Size
  
  2.6MB
- MD5
  
  9814a046255e18128a7605b718efca93
- SHA1
  
  5d83e5f3931720fce6ccb43186391f3114124679
- SHA256
  
  047528fe2e0b207d93b51f21109eea05ece9bec290c8ddf22a09301bf262735a
- SHA512
  
  bf2f9346bc2296542ae6818df770ad922034e40eb35928c513189edb81df52a7f6b8f53b0b645785902c8ed30f2f578a5361d8bb6ebb8883d5d5f794d3bb20f0
- SSDEEP
  
  49152:3mJQWFAlO5SRY8mYzbNKrFtbrR4S2EypQ2QbQQ69cE:2HAOTYvYbDypQ2QbOF
Score

10^/10

purecrypter redline new discovery downloader infostealer loader
- Detect PureCrypter injector
  loader
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Purecrypter family
  purecrypter
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect PureCrypter injector

Purecrypter family

RedLine

RedLine payload

Redline family

Checks computer location settings

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2