win.purecrypter (Back to overview)


According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021
The malware has been observed distributing a variety of remote access trojans and information stealers
The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software products
PureCrypter features provide persistence, injection and defense mechanisms that are configurable in Google’s Protocol Buffer message format

2024-01-16ANY.RUNJane, khr0x, Maksim Mikhailov
A Full Analysis of the Pure Malware Family: Unique and Growing Threat
PureCrypter PureLogs Stealer
2023-05-13SekoiaJeremy Scion, Livia Tibirna, Pierre Le Bourhis, Sekoia TDR
Mallox affiliate leverages PureCrypter in MS-SQL exploitation campaigns
PureCrypter TargetCompany
2023-02-27PRODAFT Threat IntelligencePRODAFT
RIG Exploit Kit: In-Depth Analysis
Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader
2022-08-29360 netlabwanghao
PureCrypter is busy pumping out various malicious malware families
Agent Tesla PureCrypter RedLine Stealer
2022-06-13ZscalerRomain Dumont
Technical Analysis of PureCrypter: A Fully-Functional Loader Distributing Remote Access Trojans and Information Stealers
404 Keylogger PureCrypter

There is no Yara-Signature yet.