Extracted

Extracted

• • Target

    ce85ee918e48a7c9a731c87109b9dbda0db744fe753412dad9397f670beebb8f

  • Size

    450KB

  • MD5

    cd005dbadf071616082e110600abc48d

  • SHA1

    c111f671078a2fc46ec46c501e96079cf97e10c7

  • SHA256

    ce85ee918e48a7c9a731c87109b9dbda0db744fe753412dad9397f670beebb8f

  • SHA512

    d1960751778de17ee541669a51c0c7ea7a007af39fb5a957cb28f08d02819b08ce417c24e1f8b83e401ab2dd5cbd524b2ba1e1b83cf1d1f75291aff52b8af87c

  • SSDEEP

    12288:ifH22qla5w/yXbx+DbZ83FLDqqC5l/40PVc:ifH0MW/Ibx+DbZ83pqp5l/

  Score

  10^/10

  blustealerformbookpurecrypterfs44discoverydownloaderloaderpersistenceratspywarestealertrojan

  • BluStealer

    A Modular information stealer written in Visual Basic.

    stealerblustealer

  • Blustealer family

    blustealer

  • Detect PureCrypter injector

    loader

  • Formbook

    Formbook is a data stealing malware which is capable of stealing data.

    trojanspywarestealerformbook

  • Formbook family

    formbook

  • PureCrypter

    PureCrypter is a .NET malware loader first seen in early 2021.

    loaderdownloaderpurecrypter

  • Purecrypter family

    purecrypter

  • Formbook payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2