purecrypter | 1db6a3913e7a0d08dde8cad8c1af9db94334b96020fc0ec035d9c77fa61e875e | Triage

Submit
Reports

Overview

overview

Static

static

7

BOUNTY_FREE.exe

windows7-x64

BOUNTY_FREE.exe

windows10-2004-x64

Sharing

General

Target

BOUNTY_FREE.exe
Size

4.3MB
Sample

250108-vffdpswmev
MD5

8ac2d675aca9c0d6837fdaf06da9d441
SHA1

2843ab6f217fdd652ea3ca5869df94cc17a8bfd0
SHA256

1db6a3913e7a0d08dde8cad8c1af9db94334b96020fc0ec035d9c77fa61e875e
SHA512

7b2247aa0dee3c51f165f5bffd11c00551921323c6ff09bc46b54ff3e7957c2c54c6517c914bdde4e3b8a7dbeb68d05abbd4a8400955fc0af0cdae53c9b69562
SSDEEP

98304:aqBdvTCa5zayzLu36rQAHGtx+zmBM1vXqtViWaz2eXjb/z2:tTJDaqrQAmtx+mu1vXqtViWDWa

Score

10^/10

purecrypter downloader evasion loader persistence themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

BOUNTY_FREE.exe

Resource

win7-20241010-en

purecrypter downloader evasion loader persistence themida trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

BOUNTY_FREE.exe

Resource

win10v2004-20241007-en

purecrypter downloader evasion loader persistence themida trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

https://cdn.discordapp.com/attachments/1014517792986378343/1022788605682397214/moddedvgc_Dxtgnmlu.bmp

Targets

- Target
  
  BOUNTY_FREE.exe
- Size
  
  4.3MB
- MD5
  
  8ac2d675aca9c0d6837fdaf06da9d441
- SHA1
  
  2843ab6f217fdd652ea3ca5869df94cc17a8bfd0
- SHA256
  
  1db6a3913e7a0d08dde8cad8c1af9db94334b96020fc0ec035d9c77fa61e875e
- SHA512
  
  7b2247aa0dee3c51f165f5bffd11c00551921323c6ff09bc46b54ff3e7957c2c54c6517c914bdde4e3b8a7dbeb68d05abbd4a8400955fc0af0cdae53c9b69562
- SSDEEP
  
  98304:aqBdvTCa5zayzLu36rQAHGtx+zmBM1vXqtViWaz2eXjb/z2:tTJDaqrQAmtx+mu1vXqtViWDWa
Score

10^/10

purecrypter downloader evasion loader persistence themida trojan
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Purecrypter family
  purecrypter
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Sets service image path in registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purecrypterdownloaderevasionloaderpersistencethemidatrojan

behavioral2

purecrypterdownloaderevasionloaderpersistencethemidatrojan

© 2018-2025

Terms | Privacy