General
-
Target
f373ebb32b2a836b78f932fd436ec49a.exe
-
Size
492KB
-
Sample
220119-k3bzpagfak
-
MD5
f373ebb32b2a836b78f932fd436ec49a
-
SHA1
fdf344a3d5684433e689b61de782d5bd29f185b9
-
SHA256
47d178214e35dc1d7dca9886abd3fc3e715a934c5e8540e9f0879d5d1c8addee
-
SHA512
b5fadc8d050d2bae9b1f657f33d8b23d6ac0eb39fb962a64059fe5e39c73a85e5f998a53622e06811616c55d037b115a853794841a2f16354b65af3ca1ffdb48
Static task
static1
Behavioral task
behavioral1
Sample
f373ebb32b2a836b78f932fd436ec49a.exe
Resource
win7-en-20211208
Malware Config
Extracted
purplefox
Sainbox
193.218.38.93
Extracted
purplefox
Targets
-
-
Target
f373ebb32b2a836b78f932fd436ec49a.exe
-
Size
492KB
-
MD5
f373ebb32b2a836b78f932fd436ec49a
-
SHA1
fdf344a3d5684433e689b61de782d5bd29f185b9
-
SHA256
47d178214e35dc1d7dca9886abd3fc3e715a934c5e8540e9f0879d5d1c8addee
-
SHA512
b5fadc8d050d2bae9b1f657f33d8b23d6ac0eb39fb962a64059fe5e39c73a85e5f998a53622e06811616c55d037b115a853794841a2f16354b65af3ca1ffdb48
-
suricata: ET MALWARE OneLouder EXE download possibly installing Zeus P2P
suricata: ET MALWARE OneLouder EXE download possibly installing Zeus P2P
-
suricata: ET MALWARE Probable OneLouder downloader (Zeus P2P) exe download
suricata: ET MALWARE Probable OneLouder downloader (Zeus P2P) exe download
-
suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1
suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1
-
suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1
suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Loads dropped DLL
-