purplefox | 02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f | Triage

Submit
Reports

Overview

overview

Static

static

02a911e024...9f.exe

windows7-x64

02a911e024...9f.exe

windows10-2004-x64

Sharing

General

Target

02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f
Size

899KB
Sample

220819-j181zaafal
MD5

77e815f082224c57b60824e4a0e1bd84
SHA1

275ea889ecde5dddd92565b8c2e95eef639b55e8
SHA256

02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f
SHA512

ebd530738031f6391424609293d485ae54aab0f10c4ff4a8c93667581c7caabd5c40d38f24253eb8a9e0e3a8bba07a4b3edf9aa1e3313f15583628e05595e1fe
SSDEEP

24576:CDuTCcyN7NiWB7TRnHRrGDBt7nC4O22wLqn:CDuTbyNhllxACXsLo

Score

10^/10

purplefox sainbox loader dropper loader rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f.exe

Resource

win7-20220812-en

purplefox sainbox loader dropper loader rootkit trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f.exe

Resource

win10v2004-20220812-en

purplefox loader dropper rootkit trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

purplefox

Botnet

Sainbox

C2

154.12.58.89

Extracted

Family

purplefox

Targets

- Target
  
  02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f
- Size
  
  899KB
- MD5
  
  77e815f082224c57b60824e4a0e1bd84
- SHA1
  
  275ea889ecde5dddd92565b8c2e95eef639b55e8
- SHA256
  
  02a911e02491280762744c40977ee02bcde2df77acb2311367d4e3340a168d9f
- SHA512
  
  ebd530738031f6391424609293d485ae54aab0f10c4ff4a8c93667581c7caabd5c40d38f24253eb8a9e0e3a8bba07a4b3edf9aa1e3313f15583628e05595e1fe
- SSDEEP
  
  24576:CDuTCcyN7NiWB7TRnHRrGDBt7nC4O22wLqn:CDuTbyNhllxACXsLo
Score

10^/10

purplefox sainbox loader dropper loader rootkit trojan
- Detect PurpleFox Dropper
  Detect PurpleFox Dropper.
  dropper loader
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purplefoxsainbox loaderdropperloaderrootkittrojan

behavioral2

purplefox loaderdropperrootkittrojan

© 2018-2024

Terms | Privacy