General
-
Target
32835345a86dfdf6b4eed871a68a8f463cf27d77aa038fa24c756e0af4004979
-
Size
37.9MB
-
Sample
220817-ktnbcsdchr
-
MD5
149bc35e57983172f6d98042b269f363
-
SHA1
32c67b21c336ef9bb9a6849501d48a09910df543
-
SHA256
32835345a86dfdf6b4eed871a68a8f463cf27d77aa038fa24c756e0af4004979
-
SHA512
734805965f1344ddb26b3762e2d1e38f2c127eea0cf7dbf056e275a1bd6d57f19f0a9a4042d0c9785fd961e26e50814879a9f31ac7b5159505871708b21f3267
-
SSDEEP
786432:AIbmtS2kq49L6BLK6+njFT2sbA+LysR9QaoE/nK+k/nCeAjJgyspqXAk:1S82Do6B23I++sztoE/nK+k/M0qXd
Malware Config
Targets
-
-
Target
32835345a86dfdf6b4eed871a68a8f463cf27d77aa038fa24c756e0af4004979
-
Size
37.9MB
-
MD5
149bc35e57983172f6d98042b269f363
-
SHA1
32c67b21c336ef9bb9a6849501d48a09910df543
-
SHA256
32835345a86dfdf6b4eed871a68a8f463cf27d77aa038fa24c756e0af4004979
-
SHA512
734805965f1344ddb26b3762e2d1e38f2c127eea0cf7dbf056e275a1bd6d57f19f0a9a4042d0c9785fd961e26e50814879a9f31ac7b5159505871708b21f3267
-
SSDEEP
786432:AIbmtS2kq49L6BLK6+njFT2sbA+LysR9QaoE/nK+k/nCeAjJgyspqXAk:1S82Do6B23I++sztoE/nK+k/M0qXd
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-