purplefox

General

Target

WhatsAppSetupr.exe
Size

117KB
Sample

220114-hz1grsfbbm
MD5

83e71f37df8557d87bb44c4c64396802
SHA1

e1ceb77f3a29cd314d047d1bf6e2f984d81bde4d
SHA256

d9c73323bc1f6fb31137e8e0ecec6bbcad6d91e10bccf06948e0d3446e05c23a
SHA512

ddd4c57fbfecfd4398fd5b9b5c628f542d6bf2adb550d8b9748d56c1075ebbc12e15aff72c2b62008d51bc5640b189bb87935f254fc8b1ccbc620f3970aa3c49

Score

10^/10

Malware Config

Extracted

Family

purplefox

C2

http://107.151.94.67:4397/77

Extracted

Family

purplefox

Targets

- Target
  
  WhatsAppSetupr.exe
- Size
  
  117KB
- MD5
  
  83e71f37df8557d87bb44c4c64396802
- SHA1
  
  e1ceb77f3a29cd314d047d1bf6e2f984d81bde4d
- SHA256
  
  d9c73323bc1f6fb31137e8e0ecec6bbcad6d91e10bccf06948e0d3446e05c23a
- SHA512
  
  ddd4c57fbfecfd4398fd5b9b5c628f542d6bf2adb550d8b9748d56c1075ebbc12e15aff72c2b62008d51bc5640b189bb87935f254fc8b1ccbc620f3970aa3c49
Score

10^/10

purplefox loader dropper loader rootkit suricata trojan
- Detect PurpleFox Dropper
  Detect PurpleFox Dropper.
  dropper loader
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- suricata: ET MALWARE OneLouder EXE download possibly installing Zeus P2P
  suricata: ET MALWARE OneLouder EXE download possibly installing Zeus P2P
  suricata
- suricata: ET MALWARE Probable OneLouder downloader (Zeus P2P) exe download
  suricata: ET MALWARE Probable OneLouder downloader (Zeus P2P) exe download
  suricata
- suricata: ET MALWARE PurpleFox Backdoor/Rootkit Checkin
  suricata: ET MALWARE PurpleFox Backdoor/Rootkit Checkin
  suricata
- suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1
  suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1
  suricata
- suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1
  suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Detect PurpleFox Dropper

Detect PurpleFox Rootkit

suricata: ET MALWARE OneLouder EXE download possibly installing Zeus P2P

suricata: ET MALWARE Probable OneLouder downloader (Zeus P2P) exe download

suricata: ET MALWARE PurpleFox Backdoor/Rootkit Checkin

suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1

suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1

Executes dropped EXE

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2