purplefox | b47729f3e6bb3b0a017c7b9ac84fd286ba69526f246e6928be7c65bde7423145 | Triage

Sharing

General

Target

1ba4c0146eda0f204a892338e8283521.bin
Size

2.3MB
Sample

230627-bgk6ssde6s
MD5

f1c2b6d03b86ef8d1e7ab00d2548f489
SHA1

d0810de568cc7beb7111cddfb3e8b390d91504f7
SHA256

b47729f3e6bb3b0a017c7b9ac84fd286ba69526f246e6928be7c65bde7423145
SHA512

9681f3d6b0c52b2b14b3d4ecac21ff39445d5767074275b46dedfe8435b45dc341f423c28ae54cfe6a3df9caeb1ca5e34a1eb68489067c12714e77dd215fb58d
SSDEEP

49152:aNqCexOE7dluGJ7uwtQuj3UY08L1g6RePbt7SDxJiar:MqX5djJ7u4Qujk38LmGiw

Score

10^/10

purplefox discovery evasion rootkit

Malware Config

Targets

- Target
  
  6bf1f5cd684bad9dd43b022e2789e388a36c72d5a87965c644cab01a51249e1e.msi
- Size
  
  2.8MB
- MD5
  
  1ba4c0146eda0f204a892338e8283521
- SHA1
  
  179c033972853250cbf6eedb7b51dadb75936fcb
- SHA256
  
  6bf1f5cd684bad9dd43b022e2789e388a36c72d5a87965c644cab01a51249e1e
- SHA512
  
  fee3759b73c107fd420d514554f1f1d29b77421ab0ced61dab8f44b8380bb7c836609bd809624fea0a5e68dc17fd2aad09ec3e8e852775edd627ea8305f63ae3
- SSDEEP
  
  49152:bBvlrXVVdWX59GUrSLzeaVtFUkQfqZ2jQbfcOQHeCG02NAUt6v6xXdKFV0hpRoGj:JlQFrEaY7cGd/y6/bg
Score

8^/10

discovery evasion
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

rootkitpurplefox

behavioral1

discoveryevasion

behavioral2

discoveryevasion