Rewterz Threat Alert – PureCrypter Malware – Active IOCs

Severity

High

Analysis Summary

PureCrypter malware is a form of malicious software that seeks to encrypt a user’s data and seek a ransom from the user in order to unlock the data. It is primarily spread through phishing emails containing malicious links or attachments, which may appear to be from legitimate sources. When clicked, the malicious code is downloaded to the computer and begins to encrypt the data on the system, making it inaccessible. The user will then be presented with a message demanding a payment in order to unlock their files. Once the PureCrypter malware infects a system, it begins to scan the hard drive for specific types of files to encrypt, such as documents, photos, and videos. The malware uses a sophisticated encryption algorithm to make the files unreadable without the decryption key.

Once the encryption process is complete, the PureCrypter malware displays a ransom note on the victim’s screen, which typically demands payment in a form of cryptocurrency such as Bitcoin in exchange for the decryption key. The ransom amount can vary widely, but it is often in the range of several hundred to several thousand dollars.

To protect against PureCrypter and other types of ransomware, it is important to keep your operating system and software up to date, use antivirus software, and avoid downloading and opening suspicious email attachments or clicking on links from unknown sources. It is also recommended to regularly backup your important files to an external hard drive or cloud storage service to avoid losing access to them in the event of a ransomware attack.

Impact

• File Encryption
• Data Loss
• Financial Loss
• Disruption Of Operations

Indicators of Compromise

MD5

• f27031512e83f5ed49c6d605094629a8
• 8219cf79a105ecdd2250dc76cd091423
• b9242c8c1b0d0beb00c9d67a20e85c73
• d749a68e8a626d1fa86c707999e19828

SHA-256

• 312cdff50ae04227f5b588b204893fbf70ba3c784d6f8efc81a981db4029947c
• ec7ca241abdc7b12dd870aee6feb00f0d5faaf714074246c39c7891f1c8d7149
• 9778c6d49c3ab49c7fd8c4bbbffd5e16aeca9ee0074a9c0854a55adde768e03e
• 6f18c519197668bbf6db0fe9bf290d3d38d656f0c197e3a02cd6018ef5477991

SHA-1

• e67a2ebc1285f55550549c023ac8fe324e809757
• ff10eaeabe81cc08b3040cd88474237ceff79626
• 43592d357c784c64b4182f7d04f293738ea8e848
• 5e1fdde69d8d018b712e2d86b1bc0b664477dfd9

Remediation

• Block all threat indicators at your respective controls.
• Search for Indicators of compromise (IOCs) in your environment utilizing your respective security controls
• Emails from unknown senders should always be treated with caution.
• Never trust or open ” links and attachments received from unknown sources/senders.
• Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
• Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.