purplefox | 4963fa87894dd865569851d96619d7ad68595c92857978b7cfca274ac0913850 | Triage

Submit
Reports

Overview

overview

Static

static

4963fa8789...50.exe

windows7-x64

4963fa8789...50.exe

windows10-2004-x64

Sharing

General

Target

4963fa87894dd865569851d96619d7ad68595c92857978b7cfca274ac0913850
Size

2.7MB
Sample

220902-esdsmsgaaq
MD5

cbe535e83d1bdb0e2ee627e9963ec92e
SHA1

beb701d561634d8ab02354364512baac03f6d80b
SHA256

4963fa87894dd865569851d96619d7ad68595c92857978b7cfca274ac0913850
SHA512

85c77091d41766aab1f91b990d9c8a3b8ae708b61c6b42bc023147c419d2a4ee0d56d6ce86650bc71f451014063dfd82271bd562a5da87f1ddcf5ef7e94dbf4f
SSDEEP

49152:wDN/LQQQsW2Oa+gJH1KmPhtGAiAnPD3D5Cj4HABszcpyoHJPTBotxYAPCQoCsc:moAVPABszcwoH6PCQ

Score

10^/10

purplefox rootkit trojan

Static task

static1

Behavioral task

behavioral1

Sample

4963fa87894dd865569851d96619d7ad68595c92857978b7cfca274ac0913850.exe

Resource

win7-20220812-en

purplefox rootkit trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

4963fa87894dd865569851d96619d7ad68595c92857978b7cfca274ac0913850.exe

Resource

win10v2004-20220812-en

purplefox rootkit trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  4963fa87894dd865569851d96619d7ad68595c92857978b7cfca274ac0913850
- Size
  
  2.7MB
- MD5
  
  cbe535e83d1bdb0e2ee627e9963ec92e
- SHA1
  
  beb701d561634d8ab02354364512baac03f6d80b
- SHA256
  
  4963fa87894dd865569851d96619d7ad68595c92857978b7cfca274ac0913850
- SHA512
  
  85c77091d41766aab1f91b990d9c8a3b8ae708b61c6b42bc023147c419d2a4ee0d56d6ce86650bc71f451014063dfd82271bd562a5da87f1ddcf5ef7e94dbf4f
- SSDEEP
  
  49152:wDN/LQQQsW2Oa+gJH1KmPhtGAiAnPD3D5Cj4HABszcpyoHJPTBotxYAPCQoCsc:moAVPABszcwoH6PCQ
Score

10^/10

purplefox rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

purplefoxrootkittrojan

behavioral2

purplefoxrootkittrojan

© 2018-2024

Terms | Privacy