Overview

overview

10

Static

static

8

f373ebb32b...9a.exe

windows7_x64

10

f373ebb32b...9a.exe

windows10-2004_x64

10

Resubmissions

28-01-2022 12:16

220128-pfymdsccbk 10

19-01-2022 09:07

220119-k3bzpagfak 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f373ebb32b2a836b78f932fd436ec49a.exe

  • Size

    492KB

  • Sample

    220119-k3bzpagfak

  • MD5

    f373ebb32b2a836b78f932fd436ec49a

  • SHA1

    fdf344a3d5684433e689b61de782d5bd29f185b9

  • SHA256

    47d178214e35dc1d7dca9886abd3fc3e715a934c5e8540e9f0879d5d1c8addee

  • SHA512

    b5fadc8d050d2bae9b1f657f33d8b23d6ac0eb39fb962a64059fe5e39c73a85e5f998a53622e06811616c55d037b115a853794841a2f16354b65af3ca1ffdb48

Score
10/10
purplefoxsainbox loaderdropperloaderrootkitsuricatatrojanupx

Malware Config

Extracted

Family

purplefox

Botnet

Sainbox

C2

193.218.38.93

Extracted

Family

purplefox

Targets

    • Target

      f373ebb32b2a836b78f932fd436ec49a.exe

    • Size

      492KB

    • MD5

      f373ebb32b2a836b78f932fd436ec49a

    • SHA1

      fdf344a3d5684433e689b61de782d5bd29f185b9

    • SHA256

      47d178214e35dc1d7dca9886abd3fc3e715a934c5e8540e9f0879d5d1c8addee

    • SHA512

      b5fadc8d050d2bae9b1f657f33d8b23d6ac0eb39fb962a64059fe5e39c73a85e5f998a53622e06811616c55d037b115a853794841a2f16354b65af3ca1ffdb48

    Score
    10/10
    purplefoxsainbox loaderdropperloaderrootkitsuricatatrojan

    • Detect PurpleFox Dropper

      Detect PurpleFox Dropper.

      dropper loader

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • suricata: ET MALWARE OneLouder EXE download possibly installing Zeus P2P

      suricata: ET MALWARE OneLouder EXE download possibly installing Zeus P2P

      suricata

    • suricata: ET MALWARE Probable OneLouder downloader (Zeus P2P) exe download

      suricata: ET MALWARE Probable OneLouder downloader (Zeus P2P) exe download

      suricata

    • suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1

      suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1

      suricata

    • suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1

      suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks