General
- Target: 3ec149660a6808f711ca6cb6b20c1dda.exe
- Size: 658KB
- Sample: 220122-jyv2bsaddr
- MD5: 3ec149660a6808f711ca6cb6b20c1dda
- SHA1: 45c3d1d8dd512c01fd6c897c67b35c13c49828cb
- SHA256: 2d288f2cd6752a01360f2669959e2c61f676f8156d5cc40d4b415245ae04cf6d
- SHA512: 3a15e7bfbabeb296001086453320a133dc242ef170ccf45d459d2a7f402fadfe3329099d79b368416d565ba0c16eb051b64fe7b756c21f822ab49ec483b5649d
Behavioral task
- behavioral1
- Sample: 3ec149660a6808f711ca6cb6b20c1dda.exe
- Resource: win7-en-20211208
Malware Config
- Extracted: purplefox
  http://107.151.94.70:4397/77
- Extracted: purplefox
  Sainbox
  193.218.38.93
- Extracted: purplefox
Targets
- Target: 3ec149660a6808f711ca6cb6b20c1dda.exe
- suricata: ET MALWARE OneLouder EXE download possibly installing Zeus P2P
- suricata: ET MALWARE Probable OneLouder downloader (Zeus P2P) exe download
- suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Request M1
- suricata: ET MALWARE PurpleFox Backdoor/Rootkit Download Server Response M1
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL