Resubmissions

28-01-2022 12:16

220128-pfymdsccbk 10

19-01-2022 09:07

220119-k3bzpagfak 10

General

  • Target

    f373ebb32b2a836b78f932fd436ec49a.exe

  • Size

    492KB

  • Sample

    220119-k3bzpagfak

  • MD5

    f373ebb32b2a836b78f932fd436ec49a

  • SHA1

    fdf344a3d5684433e689b61de782d5bd29f185b9

  • SHA256

    47d178214e35dc1d7dca9886abd3fc3e715a934c5e8540e9f0879d5d1c8addee

  • SHA512

    b5fadc8d050d2bae9b1f657f33d8b23d6ac0eb39fb962a64059fe5e39c73a85e5f998a53622e06811616c55d037b115a853794841a2f16354b65af3ca1ffdb48

Malware Config

Extracted

Family

purplefox

Botnet

Sainbox

C2

193.218.38.93

Extracted

Family

purplefox

Targets

    • Target

      f373ebb32b2a836b78f932fd436ec49a.exe

    • Size

      492KB

    • MD5

      f373ebb32b2a836b78f932fd436ec49a

    • SHA1

      fdf344a3d5684433e689b61de782d5bd29f185b9

    • SHA256

      47d178214e35dc1d7dca9886abd3fc3e715a934c5e8540e9f0879d5d1c8addee

    • SHA512

      b5fadc8d050d2bae9b1f657f33d8b23d6ac0eb39fb962a64059fe5e39c73a85e5f998a53622e06811616c55d037b115a853794841a2f16354b65af3ca1ffdb48

    • Detect PurpleFox Dropper

      Detect PurpleFox Dropper.

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    • suricata: ET MALWARE OneLouder EXE download possibly installing Zeus P2P

      suricata: ET MALWARE OneLouder EXE download possibly installing Zeus P2P

    • suricata: ET MALWARE Probable OneLouder downloader (Zeus P2P) exe download

      suricata: ET MALWARE Probable OneLouder downloader (Zeus P2P) exe download

    • suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1

      suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1

    • suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1

      suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks