UnpacMe Weekly: Extractor Updates
This week, we have updated malware configuration extractors for Remcos & DbatLoader, and added a new extractor for the first stage of PureCrypter.
PureCrypter
PureCrypter is a .NET crypter that was first observed for sale in March 2021. The malware is sold by the user PureCoder under a Malware-as-a-Service (MaaS) model on the Sellix site https://purecoder.sellix.io/. Prices for the crypter range from $39 to $249 USD.
PureCrypter uses two stages to deliver a payload to a victim. The first stage is a simple .NET loader that downloads the second stage of the malware and executes it in memory.
An example of the Stage 1 PureCrypter configuration is shown below.
As always, if you have any feedback or issues, please let us know.
Happy Unpacking!