purplefox | 608b3486309d15bed054e22e20d87c44e43a6cde3dad6942ef592c9d3c4f3cff | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

608b3486309d15bed054e22e20d87c44e43a6cde3dad6942ef592c9d3c4f3cff
Size

186KB
Sample

220216-mblqxsbeg8
MD5

2ed8df319374ded66ac933e7b44eb270
SHA1

5f237f5ee1cf93f9860aa3264337727fea796e1d
SHA256

608b3486309d15bed054e22e20d87c44e43a6cde3dad6942ef592c9d3c4f3cff
SHA512

0c1a5e1f7ab3e82d0c304809b488ba48c7d48c175a53480f26c616c69649caa67f937c6a475b3ed117514255d150cbb1f38cd5de1576fd216ebc4d38c7779c80

Score

10^/10

purplefox sainbox loader dropper loader rootkit trojan

Static task

static1

dropper purplefox

Behavioral task

behavioral1

Sample

608b3486309d15bed054e22e20d87c44e43a6cde3dad6942ef592c9d3c4f3cff.exe

Resource

win10v2004-en-20220113

purplefox sainbox loader dropper loader rootkit trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

purplefox

C2

http://194.146.84.244:4397/77

Extracted

Family

purplefox

Botnet

Sainbox

C2

45.115.124.71

Extracted

Family

purplefox

Targets

- Target
  
  608b3486309d15bed054e22e20d87c44e43a6cde3dad6942ef592c9d3c4f3cff
- Size
  
  186KB
- MD5
  
  2ed8df319374ded66ac933e7b44eb270
- SHA1
  
  5f237f5ee1cf93f9860aa3264337727fea796e1d
- SHA256
  
  608b3486309d15bed054e22e20d87c44e43a6cde3dad6942ef592c9d3c4f3cff
- SHA512
  
  0c1a5e1f7ab3e82d0c304809b488ba48c7d48c175a53480f26c616c69649caa67f937c6a475b3ed117514255d150cbb1f38cd5de1576fd216ebc4d38c7779c80
Score

10^/10

purplefox sainbox loader dropper loader rootkit trojan
- Detect PurpleFox Dropper
  Detect PurpleFox Dropper.
  dropper loader
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

dropperpurplefox

behavioral1

purplefoxsainbox loaderdropperloaderrootkittrojan

© 2018-2024

Terms | Privacy