purplefox | 6bf1f5cd684bad9dd43b022e2789e388a36c72d5a87965c644cab01a51249e1e | Triage

Resubmissions

07-07-2023 08:01

230707-jwnt8sfg94 10

29-06-2023 07:51

230629-jqaqescd48 10

28-06-2023 06:46

230628-hjl97she7s 10

23-06-2023 16:46

230623-t93knafh55 10

Sharing

General

Target

1.msi
Size

2.8MB
Sample

230623-t93knafh55
MD5

1ba4c0146eda0f204a892338e8283521
SHA1

179c033972853250cbf6eedb7b51dadb75936fcb
SHA256

6bf1f5cd684bad9dd43b022e2789e388a36c72d5a87965c644cab01a51249e1e
SHA512

fee3759b73c107fd420d514554f1f1d29b77421ab0ced61dab8f44b8380bb7c836609bd809624fea0a5e68dc17fd2aad09ec3e8e852775edd627ea8305f63ae3
SSDEEP

49152:bBvlrXVVdWX59GUrSLzeaVtFUkQfqZ2jQbfcOQHeCG02NAUt6v6xXdKFV0hpRoGj:JlQFrEaY7cGd/y6/bg

Score

10^/10

purplefox discovery evasion rootkit

Malware Config

Targets

- Target
  
  1.msi
- Size
  
  2.8MB
- MD5
  
  1ba4c0146eda0f204a892338e8283521
- SHA1
  
  179c033972853250cbf6eedb7b51dadb75936fcb
- SHA256
  
  6bf1f5cd684bad9dd43b022e2789e388a36c72d5a87965c644cab01a51249e1e
- SHA512
  
  fee3759b73c107fd420d514554f1f1d29b77421ab0ced61dab8f44b8380bb7c836609bd809624fea0a5e68dc17fd2aad09ec3e8e852775edd627ea8305f63ae3
- SSDEEP
  
  49152:bBvlrXVVdWX59GUrSLzeaVtFUkQfqZ2jQbfcOQHeCG02NAUt6v6xXdKFV0hpRoGj:JlQFrEaY7cGd/y6/bg
Score

8^/10

discovery evasion
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

rootkitpurplefox

behavioral1

discoveryevasion

behavioral2

discoveryevasion