MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 085758594b8004ffcd2c0b7413d67c3fd8024d8915aac54b95db59609c7bd55d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureCrypter

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	085758594b8004ffcd2c0b7413d67c3fd8024d8915aac54b95db59609c7bd55d
SHA3-384 hash:	f32323e5dd41586d521a367d93b712824216fd9dc05a73c5fffaaeec5dca3c6be5eea81cf54c1a3df7bbbbdc36c0f33d
SHA1 hash:	91c0b30ad988678182f37a3f4bfa5cfc4a51857c
MD5 hash:	34242398be6a80b536ac21be06f7d2ec
humanhash:	jupiter-blue-dakota-blue
File name:	34242398be6a80b536ac21be06f7d2ec.exe
Download:	download sample
Signature	PureCrypter Create hunting rule
File size:	19'968 bytes
First seen:	2023-06-12 11:20:30 UTC
Last seen:	2023-06-12 11:37:56 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	384:t2keTUi5j7+37gHeMF20vvvvvvvvvvvvvvvvvv6svnJCKA6g3N3mSv:t2keD+3SeMFhvvvvvvvvvvvvvvvvvv6P
Threatray	217 similar samples on MalwareBazaar
TLSH	T129920808B2551813F40E1BB49C5317900FB97D165893D6AFAAB5FE1E0CA2714AA335E7
TrID	56.5% (.EXE) Win64 Executable (generic) (10523/12/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	c2dad2d2d2e9f9d9 (1 x PureCrypter)
Reporter	abuse_ch
Tags:	exe purecrypter

Intelligence

File Origin

# of uploads :

# of downloads :

296

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

34242398be6a80b536ac21be06f7d2ec.exe

Verdict:

Malicious activity

Analysis date:

2023-06-12 11:21:34 UTC

Tags:

opendir blackguard stealer

Link:

https://app.any.run/tasks/2d01e23e-faad-4f37-8179-60a92e53a7a8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/397925/

Detection(s):

SecuriteInfo.com.Win64.DropperX-gen.24797.14039.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Сreating synchronization primitives

DNS request

Sending an HTTP GET request

Sending a custom TCP request

Launching a process

Creating a file

Using the Windows Management Instrumentation requests

Creating a file in the %temp% directory

Reading critical registry keys

Stealing user critical data

Unauthorized injection to a system process

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6486ffa4b9c0d76d4af988ae/reports/d56dc5ed-6604-44fb-9e0e-573fbdcd036c/overview

Verdict:

Malicious

Labled as:

MSIL/TrojanDownloader.Agent_AGen

Link:

https://www.hybrid-analysis.com/sample/085758594b8004ffcd2c0b7413d67c3fd8024d8915aac54b95db59609c7bd55d

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/32eb4445-ab6e-4a1c-a44d-cf6e58b70ba6

Result

Threat name:

n/a

Detection:

malicious

Classification:

spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1252917

Signature

.NET source code contains potential unpacker

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Injects a PE file into a foreign processes

Machine Learning detection for sample

Modifies the context of a thread in another process (thread injection)

Multi AV Scanner detection for submitted file

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/085758594b8004ffcd2c0b7413d67c3fd8024d8915aac54b95db59609c7bd55d/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2023-06-12 08:42:02 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

13 of 37 (35.14%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bblvqwklqacp7tjmbn2bhvt4h7maetmjcwvmks4v3nmwbhd32voq._file

Verdict:

malicious

PureCrypter

137acc4163cf5957ffe8fd34d70af35d996f442fd2700bfa66f589647c2206db

PureCrypter

21778db8e0c534932dea7dd3408f95944d2688b9023b8d668349e830ab58927f

PureCrypter

4a8da72abff64bcf80a2500077504588b720180b7694203bdb2434fa075fa7fa

PureCrypter

65ca3b5e72969ebb0de9144b603cc0028183ac2caf87f89c3e4cb34ad38b425b

PureCrypter

6b0ef726a01c2f7b18ce4409dcce197cdbfeba8ac17948488a0a17c2c09c9aba

PureCrypter

6b58715b6f88fa91e2fb481b8640ff8579023e5d586b2964fbeac6f5ec63d5f8

PureCrypter

9142931e43055d6363ee826270edf47ada8acc56ebca1084ca9ee2fcca579536

PureCrypter

a8d22d7ca681510340d5b23b4d2bba492622bdf3052a3cb0a996f1e2e25436aa

PureCrypter

cdda25e04fe115e6096cda6bcd6c8d9176ef5e6b6a7a52019aa58e938493413e

PureCrypter

+ 207 additional samples on MalwareBazaar

Result

Malware family:

purecrypter

Score:

10/10

Tags:

family:purecrypter collection downloader loader spyware stealer

Link:

https://tria.ge/reports/230612-nf1ajsbg42/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Suspicious use of SetThreadContext

Accesses Microsoft Outlook profiles

Reads user/profile data of web browsers

PureCrypter

Malware Config

C2 Extraction:

http://purecry.ydns.eu/pure/Oqbokp.dll

Unpacked files

SH256 hash:

085758594b8004ffcd2c0b7413d67c3fd8024d8915aac54b95db59609c7bd55d

MD5 hash:

34242398be6a80b536ac21be06f7d2ec

SHA1 hash:

91c0b30ad988678182f37a3f4bfa5cfc4a51857c

Link:

https://www.unpac.me/results/6782ed85-fc3f-47ea-944a-a29367e5ef15/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/085758594b80/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/085758594b8004ffcd2c0b7413d67c3fd8024d8915aac54b95db59609c7bd55d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PureCrypter

exe 085758594b8004ffcd2c0b7413d67c3fd8024d8915aac54b95db59609c7bd55d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2656974/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/397925/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample