MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46962910101f24cea5430b64f9ff9830585a94824b8835c452c36e2db74ed033. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureCrypter

Vendor detections: 9

Intelligence 9 IOCs YARA 2 File information Comments

SHA256 hash:	46962910101f24cea5430b64f9ff9830585a94824b8835c452c36e2db74ed033
SHA3-384 hash:	a9497f19a912baa234137bc96f0020688eca93c404c4cdcdea872f6a5183924218538f956e848b157d80272f201a9688
SHA1 hash:	01aee2e18af4a122d34ea5d666e3301e64725bfb
MD5 hash:	f170fd20713fd75cab9e7f107f099e9a
humanhash:	aspen-coffee-chicken-six
File name:	8008b1c3d4681d0dfcb746edb5f96295.dll
Download:	download sample
Signature	PureCrypter Create hunting rule
File size:	2'569'216 bytes
First seen:	2023-02-03 20:01:46 UTC
Last seen:	2023-02-03 21:41:44 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep	49152:bDSzpwjSGz2l6Sujw/yQPu6zlFMPEdqNc1uKfZQ:bDSzpwjSsUmlmShNZAQ
Threatray	13'797 similar samples on MalwareBazaar
TLSH	T10AC52907B9D5CE61EA582F73C0AB6C1443918762EB13F30F29ADB3245C037A16A995DF
TrID	83.1% (.DLL) Generic .NET DLL/Assembly (236632/4/32) 4.6% (.SCR) Windows screen saver (13097/50/3) 3.6% (.EXE) Win64 Executable (generic) (10523/12/4) 2.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 1.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter	abuse_ch
Tags:	dll purecrypter

Intelligence

File Origin

# of uploads :

# of downloads :

197

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/360079/

Detection(s):

SecuriteInfo.com.Heur.Variadic.A.461.1.13858.9897.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

67%

Tags:

black

Link:

https://www.filescan.io/uploads/63dd683e89bd67c10fdc664b/reports/c6c14b6a-22c4-49a6-8048-02f7a65b8adf/overview

Verdict:

Malicious

Labled as:

Variadic.A.461.Generic

Link:

https://www.hybrid-analysis.com/sample/46962910101f24cea5430b64f9ff9830585a94824b8835c452c36e2db74ed033

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/353334fa-9c84-432c-8d5f-96cc5daf7091

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1165465

Signature

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code references suspicious native API functions

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/46962910101f24cea5430b64f9ff9830585a94824b8835c452c36e2db74ed033/

Threat name:

Win32.Trojan.Variadic

Status:

Malicious

First seen:

2023-02-03 05:55:55 UTC

File Type:

PE (.Net Dll)

AV detection:

15 of 38 (39.47%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=i2lcseaqd4sm5jkdbnspt74ygbmfvfecjoedlrcsynxc3n2o2azq._file

Verdict:

malicious

PureCrypter

164df1aecac769eb2d9485abcb776f9ee55fc1e297c5b8b2bc50009e786d41b2

PureCrypter

7aa87e5a183c7aee29c378225f7ea9d8ace5ff461badde840a963cb2f4c9c929

PureCrypter

866940bb59a32647c96466349066246b172adb7a5010678241be3e9663b1d637

PureCrypter

a05759a606f754ea7315225ccd542774734962fc343d43cc9607db110e7956ee

PureCrypter

cfc9e35e650fccb171caa30fd7db3f6b99a8a16e824fb3f6276526ff10e063cf

PureCrypter

d060ee3029a154a6fba6ed666ee5fafb2c8ee019dcfde0819f8aa24392b6e944

PureCrypter

ebb2dcf0d743e210a391d665b4589e3a0e41189ed1b21fcacc8c14caf13b1ce6

PureCrypter

f00982603a693995cf32649df28ac390ce839638751f04d11517454466061785

PureCrypter

+ 13'787 additional samples on MalwareBazaar

Result

Malware family:

purecrypter

Score:

10/10

Tags:

family:purecrypter loader

Link:

https://tria.ge/reports/230203-yr4gfsed3w/

Unpacked files

SH256 hash:

46962910101f24cea5430b64f9ff9830585a94824b8835c452c36e2db74ed033

MD5 hash:

f170fd20713fd75cab9e7f107f099e9a

SHA1 hash:

01aee2e18af4a122d34ea5d666e3301e64725bfb

Link:

https://www.unpac.me/results/dd73b7a9-731b-4f4c-8e95-13d82dd5f6dd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/46962910101f24cea5430b64f9ff9830585a94824b8835c452c36e2db74ed033

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	grakate_stealer_nov_2021 Create hunting rule

Rule name:	INDICATOR_EXE_Packed_Fody Create hunting rule
Author:	ditekSHen
Description:	Detects executables manipulated with Fody

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/360079/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample