PureCrypter (Malware Family)

PureCrypter

According to zscaler, PureCrypter is a fully-featured loader being sold since at least March 2021
The malware has been observed distributing a variety of remote access trojans and information stealers
The loader is a .NET executable obfuscated with SmartAssembly and makes use of compression, encryption and obfuscation to evade antivirus software products
PureCrypter features provide persistence, injection and defense mechanisms that are configurable in Google’s Protocol Buffer message format

References

2024-01-16 ⋅ ANY.RUN ⋅ Jane, khr0x, Maksim Mikhailov
A Full Analysis of the Pure Malware Family: Unique and Growing Threat
PureCrypter PureLogs Stealer

2023-05-13 ⋅ Sekoia ⋅ Jeremy Scion, Livia Tibirna, Pierre Le Bourhis, Sekoia TDR
Mallox affiliate leverages PureCrypter in MS-SQL exploitation campaigns
PureCrypter TargetCompany

2023-02-27 ⋅ PRODAFT Threat Intelligence ⋅ PRODAFT
RIG Exploit Kit: In-Depth Analysis
Dridex IcedID ISFB PureCrypter Raccoon RecordBreaker RedLine Stealer Royal Ransom Silence SmokeLoader Zloader

2022-08-29 ⋅ 360 netlab ⋅ wanghao
PureCrypter is busy pumping out various malicious malware families
Agent Tesla PureCrypter RedLine Stealer

2022-06-13 ⋅ Zscaler ⋅ Romain Dumont
Technical Analysis of PureCrypter: A Fully-Functional Loader Distributing Remote Access Trojans and Information Stealers
404 Keylogger PureCrypter

There is no Yara-Signature yet.

PureCrypter Propose Change

References

PureCrypter