purplefox | 73efc36febbeb770a9e2b2883309c1c1ab9a97bc944b002076092520efeda918 | Triage

Submit
Reports

Overview

overview

Static

static

73efc36feb...18.msi

windows7-x64

8

73efc36feb...18.msi

windows10-2004-x64

8

Sharing

General

Target

73efc36febbeb770a9e2b2883309c1c1ab9a97bc944b002076092520efeda918
Size

7.1MB
Sample

220731-h55cxafbhm
MD5

565d40ad6713cacdd52532087b43dad7
SHA1

a459551f6023ad22e26e1f94711cb5744c181816
SHA256

73efc36febbeb770a9e2b2883309c1c1ab9a97bc944b002076092520efeda918
SHA512

721da78bb9dbe71737debe77fc7bd8b9163dfd5764e27767801e33a179574c3e61548b8247c74a78538689ed7373f2782774441d52b2a6ea42b06a673c39356d

Score

10^/10

purplefox discovery rootkit

Static task

static1

rootkit purplefox

2 signatures

Behavioral task

behavioral1

Sample

73efc36febbeb770a9e2b2883309c1c1ab9a97bc944b002076092520efeda918.msi

Resource

win7-20220718-en

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

73efc36febbeb770a9e2b2883309c1c1ab9a97bc944b002076092520efeda918.msi

Resource

win10v2004-20220721-en

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  73efc36febbeb770a9e2b2883309c1c1ab9a97bc944b002076092520efeda918
- Size
  
  7.1MB
- MD5
  
  565d40ad6713cacdd52532087b43dad7
- SHA1
  
  a459551f6023ad22e26e1f94711cb5744c181816
- SHA256
  
  73efc36febbeb770a9e2b2883309c1c1ab9a97bc944b002076092520efeda918
- SHA512
  
  721da78bb9dbe71737debe77fc7bd8b9163dfd5764e27767801e33a179574c3e61548b8247c74a78538689ed7373f2782774441d52b2a6ea42b06a673c39356d
Score

8^/10

discovery
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

rootkitpurplefox

behavioral1

behavioral2

© 2018-2024

Terms | Privacy