Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

i.php
Size

996KB
Sample

221019-m3glaafhbl
MD5

b0b7cb36503c46755882751191c9a711
SHA1

c0d058bacb81f36dfd1b1d99a386ff0a7bb0ec7a
SHA256

77ed1502e9c8bfd2e91f04e3dce2d5649f68201061fb24c4ab4fa5e9b7fdec50
SHA512

4f00e5743fa56f553ce64d1ebc35a71cd5cb5200d7434f94a46a30fe6efbcbd64d105d440bd1ce45c2b66f9e91b622e6cfc8a7de08bf08727fc75df1cec32b4d
SSDEEP

24576:G+aBqnGIQ5M6DLrVVdWG859GCHrSoUzLyaVtFUl:G+8lrXVVdWX59GUrSLzeaVtFU

Score

10^/10

purplefox rootkit

Malware Config

Targets

- Target
  
  i.php
- Size
  
  996KB
- MD5
  
  b0b7cb36503c46755882751191c9a711
- SHA1
  
  c0d058bacb81f36dfd1b1d99a386ff0a7bb0ec7a
- SHA256
  
  77ed1502e9c8bfd2e91f04e3dce2d5649f68201061fb24c4ab4fa5e9b7fdec50
- SHA512
  
  4f00e5743fa56f553ce64d1ebc35a71cd5cb5200d7434f94a46a30fe6efbcbd64d105d440bd1ce45c2b66f9e91b622e6cfc8a7de08bf08727fc75df1cec32b4d
- SSDEEP
  
  24576:G+aBqnGIQ5M6DLrVVdWG859GCHrSoUzLyaVtFUl:G+8lrXVVdWX59GUrSLzeaVtFU
Score

7^/10
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

rootkitpurplefox

behavioral1

behavioral2