Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

97ef5b337525f141296c156e7bed821a3752166ab09decaa1d4b7802238cbfa4
Size

422KB
Sample

221023-f45aeageg4
MD5

e4bf8121a206da45438a56a588dfee8d
SHA1

4dbf2591e4c89a4ffa3f254eb7a9bbb334b51c5a
SHA256

97ef5b337525f141296c156e7bed821a3752166ab09decaa1d4b7802238cbfa4
SHA512

cf30e9e33d4df05314b395d49009dacadd5656d78202067433165326ed5e6c1b879551f407905216792a9fd2be1c3cdeec968209c2c4f414c4f028293e0ef3f3
SSDEEP

6144:qJlXOD76PWNrX6WbqHWrNQls1vNE512gWdJ4s2l/Pi/UDTagi5HTcuw3iGQ9Ja4L:eROn6eNrqDWQgNe12n2di8G59JxWu4gd

Score

10^/10

purplefox rootkit trojan upx

Malware Config

Targets

- Target
  
  远赴缅甸打击电信诈骗抓捕现场.com
- Size
  
  533KB
- MD5
  
  ac610ad3802c015f9c13710e8302b0aa
- SHA1
  
  dab8c7124fe3d99fb375fa81c39f409d0db68436
- SHA256
  
  fdfbfc6b003ff682a9b364ff852618c0c6af35e20abd357fb3b875f96581e50c
- SHA512
  
  eb80ab03e8c8a5157ef3ade6bfd7ee41d5d71268f72288dc49cbf44aafe284c089a107e3cd63da3ec52b7c4e36dbc07b10f977b0d1ae75903bd51cf89ec34ed2
- SSDEEP
  
  12288:0kWXuTQ8OKvpmdFzW9f0OnRwCvTXByFNY:DWXkzJJRwWjB
Score

10^/10

purplefox rootkit trojan upx
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

purplefoxrootkittrojanupx

behavioral2

purplefoxrootkittrojanupx