PurpleKnight[.]exe[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

PurpleKnight.exe.zip
Size

95.4MB
MD5

ae6085f9f1b9add89e333e475e033134
SHA1

9c03ba5aafd559d8b4041fd3e977aa2238bec8ee
SHA256

c1dec40348f597fdcbd4fcdcd6ddc12225f55d05e5194070622bc0e0cabec143
SHA512

9896ad3eff44db58e0cc3a5cc1e0a1a1bc44617b6463574daefdd1fa3e359781ed17b0251f61f32774b717a2e80a11fdf83ee861c926a5c822933834aa59d80f
SSDEEP

1572864:CiFZToRPe1RbDkB0vbd9oRa/1qbw51GqZQ1GC9PFNXz+LiVnH72rd7YR/rGpuZ1A:CGqR+HkB0rvf6GoPF9zRJH72E/rSU1MR

Score

10^/10

coreentity

Malware Config

Signatures

CoreEntity .NET Packer 1 IoCs

A .NET packer called CoreEntity where it has embedded the payload as a BitMap object which is later decrypted.

coreentity

Processes:

resource	yara_rule
static1/unpack001/PurpleKnight.exe	coreentity

Files

PurpleKnight.exe.zip
.zip
PurpleKnight.exe
.exe windows x64

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:45:ec:69:65:40:16:e8:a1:83:3e:fc
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

02-03-2022 11:48

Not After

14-06-2024 14:30

Subject

CN=SEMPERIS INC.,O=SEMPERIS INC.,L=New York,ST=New York,C=US,1.2.840.113549.1.9.1=#0c15636f64657369676e4073656d70657269732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6f:6d:5c:47:28:f0:39:88:d1:9f:7c:14:33:7e:e9:41:3e:66:7a:56:17:2e:9d:28:91:29:bc:bf:8b:9a:72:c9
Signer

Actual PE Digest

6f:6d:5c:47:28:f0:39:88:d1:9f:7c:14:33:7e:e9:41:3e:66:7a:56:17:2e:9d:28:91:29:bc:bf:8b:9a:72:c9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=SEMPERIS INC.,O=SEMPERIS INC.,L=New York,ST=New York,C=US,1.2.840.113549.1.9.1=#0c15636f64657369676e4073656d70657269732e636f6d

11-12-2022 09:19
Valid: true

Chain 1

CN=SEMPERIS INC.,O=SEMPERIS INC.,L=New York,ST=New York,C=US,1.2.840.113549.1.9.1=#0c15636f64657369676e4073656d70657269732e636f6d

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 99.9MB - Virtual size: 99.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 464KB - Virtual size: 463KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
checksums.txt

Sharing

General

Malware Config

Signatures

Files

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

49:45:ec:69:65:40:16:e8:a1:83:3e:fcCertificate

Extended Key Usages

Key Usages

6f:6d:5c:47:28:f0:39:88:d1:9f:7c:14:33:7e:e9:41:3e:66:7a:56:17:2e:9d:28:91:29:bc:bf:8b:9a:72:c9Signer

Signature Validations

Verification

11-12-2022 09:19 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 99.9MB - Virtual size: 99.9MB

.rsrc Size: 464KB - Virtual size: 463KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

49:45:ec:69:65:40:16:e8:a1:83:3e:fc
Certificate

6f:6d:5c:47:28:f0:39:88:d1:9f:7c:14:33:7e:e9:41:3e:66:7a:56:17:2e:9d:28:91:29:bc:bf:8b:9a:72:c9
Signer

11-12-2022 09:19
Valid: true

.text
Size: 99.9MB - Virtual size: 99.9MB

.rsrc
Size: 464KB - Virtual size: 463KB