MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a45b251dc3a1811b40534d59e832e75ad3878ffd3fedcc13efc3440a381ba39e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PureCrypter


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a45b251dc3a1811b40534d59e832e75ad3878ffd3fedcc13efc3440a381ba39e
SHA3-384 hash: 18a06ddde31c87c6e8a90dd32286d44387f8e199ca6b26fb5711855dd247ea27449eb2535367593defe17ec89c0d15af
SHA1 hash: 18df61b89f1773bc43cccfdc18dc6700913663f9
MD5 hash: da7c24722b5aa296c31ce2d3367cc58b
humanhash: enemy-hydrogen-comet-london
File name:da7c24722b5aa296c31ce2d3367cc58b.exe
Download: download sample
Signature PureCrypter
Create hunting rule
File size:64'512 bytes
First seen:2022-10-22 06:46:50 UTC
Last seen:2022-10-22 08:16:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:Purg9QJvRcwOKP+ldM3C3f9GxZO5z2B8GFEDo:P3QCM6kxd
Threatray 6'010 similar samples on MalwareBazaar
TLSH T1E653D092E158D72AE8304B30893B9EDB4073ADB8E494225F3C94BD5B6E373575932B13
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon cc0f33313333ccd4 (4 x AsyncRAT, 1 x RemcosRAT, 1 x PureMiner)
Reporter abuse_ch
Tags:exe purecrypter

Intelligence

File Origin
# of uploads :
2
# of downloads :
227
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
da7c24722b5aa296c31ce2d3367cc58b.exe
Verdict:
No threats detected
Analysis date:
2022-10-22 06:50:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/14aefbd9-a204-4a1b-8b33-5b6a7ab080cb

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/322544/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.63006960.28126.10397.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Sending an HTTP GET request to an infection source
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/635391e7339362a6061b4006/reports/bfdcdeb9-9068-4d07-8e89-757cc18e4967/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/768087f3-c1ef-4058-8f5d-277519e87c9d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1095362
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Antivirus detection for URL or domain
Encrypted powershell cmdline option found
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a45b251dc3a1811b40534d59e832e75ad3878ffd3fedcc13efc3440a381ba39e/
Threat name:
ByteCode-MSIL.Trojan.Quasar
Create hunting rule
Status:
Malicious
First seen:
2022-10-22 00:25:55 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
10
AV detection:
11 of 41 (26.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=urnskhodugarwqctjvm6qmxhlljypd75h7w4ye7pyncauoa3uopa._file
Verdict:
malicious
Similar samples:
15e2f966937440c34a383f8a2df6fa8b380fbc858b7560e3129f563296e17fbb
PureCrypter
5a94c5fee27b53c98286774dddf29892ee25e6326e1db3e22db264766af39889
PureCrypter
6887d3d4d5baa135418c2305915c56b448960d03c427f6c63c430465ddaa6547
PureCrypter
70199c37ff74d3feebd76f55ef786284132979a9b8f14bf1180d1f6b30ebb6a3
PureCrypter
a28c4292d9fb2864efc2d8dae2fd6b11cf453536064d5ba85827e438bbd2418d
PureCrypter
ad8707472a147dc440da2adbc80dbcd6269ae0d345b8a85081e390fa8d842947
PureCrypter
e18d0a3c557c1e0ee767ce6d6b53b0ffde2767c075013ffdadbf33576991a34d
PureCrypter
e6d52698d201c0e3dc8a52d6694ecf314a08a5bbc61170dce932a4d9762118e4
PureCrypter
e786277086340b57fe809a77cf9ccf0637c59d049abd8b54588fc6193dd2bdf8
PureCrypter
fa8d8657315c0ff3057652f4b34194de08fa9d2ff3028ad2043b53c551851358
PureCrypter
+ 6'000 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/221022-hj8s7sbdhm/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Checks computer location settings
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/009a8020-69a7-4726-a27a-afb45610f90f
Unpacked files
SH256 hash:
a45b251dc3a1811b40534d59e832e75ad3878ffd3fedcc13efc3440a381ba39e
MD5 hash:
da7c24722b5aa296c31ce2d3367cc58b
SHA1 hash:
18df61b89f1773bc43cccfdc18dc6700913663f9
Detections:
PureCrypter_Stage1
Create hunting rule
Link:
https://www.unpac.me/results/ce548af9-9e5d-45a4-b71f-e695922875b6/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/a45b251dc3a1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.60
Link:
https://yomi.yoroi.company/submissions/a45b251dc3a1811b40534d59e832e75ad3878ffd3fedcc13efc3440a381ba39e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PureCrypter

Executable exe a45b251dc3a1811b40534d59e832e75ad3878ffd3fedcc13efc3440a381ba39e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2307201/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/322544/

Comments