win.purecrypter

PureCrypter


According to Zscaler, PureCrypter is a fully-featured loader that has been sold since at least March 2021.
The malware has been observed distributing a variety of remote access trojans and information stealers.
The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software products.
PureCrypter's features provide persistence, injection and defense mechanisms that are configurable in Google’s Protocol Buffer message format.

References
2023-02-27, PRODAFT Threat Intelligence, PRODAFT
RIG Exploit Kit: In-Depth Analysis
https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf (accessed 2023-05-08)
Dridex, IcedID, ISFB, PureCrypter, Raccoon, RecordBreaker, RedLine Stealer, Royal Ransom, Silence, SmokeLoader, Zloader

2022-06-13, Zscaler, Romain Dumont
Technical Analysis of PureCrypter: A Fully-Functional Loader Distributing Remote Access Trojans and Information Stealers
https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter (accessed 2022-07-01)
404 Keylogger, PureCrypter

There is no Yara-Signature yet.