PureCrypter Malware Targets Government Entities in Asia-Pacific and North America

Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware.

“The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control (C2) to deliver a secondary payload,” Menlo Security researcher Abhay Yadav said.

The different types of malware propagated using PureCrypter include RedLine Stealer, Agent Tesla, Eternity, Blackmoon (aka KRBanker), and Philadelphia ransomware.

First documented in June 2022, PureCrypter is advertised for sale by its author for $59 for one-month access (or $245 for a one-off lifetime purchase) and is capable of distributing a multitude of malware.

In December 2022, PureCoder – the developer behind the program – expanded the slate of offerings to include a logger and information stealer known as PureLogs, which is designed to siphon data from web browsers, crypto wallets, and email clients. It costs $99 a year (or $199 for lifetime access).

The infection sequence detailed by Menlo Security commences with a phishing email containing a Discord URL that points to the first-stage component, a password-protected ZIP archive that, in turn, loads the PureCrypter malware.

The loader, for its part, reaches out to the website of the breached non-profit entity to fetch the secondary payload, which is a .NET-based keylogger named Agent Tesla.

The backdoor then establishes a connection to an FTP server located in Pakistan to exfiltrate the harvested data, indicating that compromised credentials may have been used to perform the activity.
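The infection chain above has two observable network steps a defender can correlate: an archive fetched from a Discord URL, followed by an outbound FTP connection from the same host. The following is an added example (not from the article or from Menlo Security) that runs that correlation over constructed log lines; the log format, host names, IP addresses and URLs are assumptions made up for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample log (not real telemetry): "timestamp,src_host,event,detail".
# event is "http" (detail = URL fetched) or "conn" (detail = dst_ip:dst_port).
SAMPLE_LOG = """\
2023-02-20T09:01:05,ws-12,http,https://cdn.discordapp.com/attachments/1/2/invoice.zip
2023-02-20T09:01:40,ws-12,http,https://example-nonprofit.org/uploads/update.bin
2023-02-20T09:03:10,ws-12,conn,203.0.113.45:21
2023-02-20T09:05:00,ws-07,http,https://cdn.discordapp.com/attachments/3/4/photo.png
2023-02-20T10:15:00,ws-07,conn,203.0.113.45:21
2023-02-20T11:00:00,ws-03,conn,198.51.100.9:443
"""

DISCORD_HOSTS = {"cdn.discordapp.com", "discord.com", "discordapp.com"}
ARCHIVE_EXTS = (".zip", ".rar", ".7z")
FTP_PORTS = {21}

@dataclass
class Alert:
    host: str
    archive_url: str
    ftp_dst: str
    minutes_between: float

def parse_line(line):
    ts, host, event, detail = line.split(",", 3)
    return datetime.fromisoformat(ts), host, event, detail

def is_discord_archive(url):
    # Stage one in the article: an archive delivered via a Discord URL.
    p = urlparse(url)
    return p.hostname in DISCORD_HOSTS and p.path.lower().endswith(ARCHIVE_EXTS)

def detect_chain(log_text, window=timedelta(minutes=30)):
    """Flag hosts that fetch an archive from Discord and then open an outbound
    FTP connection within `window` (the exfiltration step described above)."""
    last_archive = {}   # host -> (timestamp, url) of the most recent Discord archive
    alerts = []
    for raw in log_text.strip().splitlines():
        ts, host, event, detail = parse_line(raw)
        if event == "http" and is_discord_archive(detail):
            last_archive[host] = (ts, detail)
        elif event == "conn":
            port = int(detail.rsplit(":", 1)[1])
            if port in FTP_PORTS and host in last_archive:
                t0, url = last_archive[host]
                if ts - t0 <= window:
                    alerts.append(Alert(host, url, detail, (ts - t0).total_seconds() / 60))
    return alerts
```

Only ws-12 is flagged: ws-07 fetched an image rather than an archive, and ws-03 made no Discord request at all.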
