General
-
Target
請求書-Roderick.zip
-
Size
191KB
-
Sample
230710-3zw5kadh28
-
MD5
f3fd8432bd1ff2b373109b3ffc39cf6e
-
SHA1
1c0969759bf97ee7b5ef246239f9e18f2cf70f7b
-
SHA256
30795a87e95ccdb4a5045215607c9a4c53e6061d9c6b893beaaccd614025b116
-
SHA512
fbd308948724294278c5b0996f4f22636fba72b489000f5ba791dddc5670678c055b17c30778c11d872c8f44e35287c4c74ebdbb3c4e97c22c1dc7ce281ae16b
-
SSDEEP
3072:nF82mrnPNnW0Z3lXCwPhaV58bI9Zi+K3OQd+D9+22Cep5og+tnGA+BIUus0bJUxw:nFezlPhCwJaV58bIpIAY22Cep5gtnGAD
Malware Config
Targets
-
-
Target
Invoices.lnk
-
Size
1KB
-
MD5
cbe684367925c53f7a9026f252011724
-
SHA1
ec8cf089aa811c009683c8ee4e5183750ef0452e
-
SHA256
744abbb0d8d00bc5eb058ce47ffffa971c7dbd03a9b204c67284080e99d982da
-
SHA512
7d06394b39ee7b7c9570307fd1f6349fa440ed3d21f8f1ee67ae35c9b3bacabe214b47830e498e56f2fd51f02de44ec2e1625de21abdce5af5fec69f139fdad0
Score10/10-
Detect PurpleFox MSI
Detect PurpleFox MSI.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Blocklisted process makes network request
-
Stops running service(s)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Modifies file permissions
-
Use of msiexec (install) with remote resource
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
Res/TVPSkin.dll
-
Size
124KB
-
MD5
66759c30143666d21dd98351df325c76
-
SHA1
9091be6630ad170d15ca6a6722ce53619ac61229
-
SHA256
e25b35196098206f4ea3903652eed409207a900863a4d7df5edb1c7ba1d94c93
-
SHA512
c27a54bc7565db3776c18900d044925ba7e121cc3ecdf8bac02cf40559e41c280b2b0ee0871803d7c85c5d98e4b0b9ecac3ec7d32ee99b59c61632be64e928d3
-
SSDEEP
1536:GPgVjdZ5PzDpe5zgCG1DT8vzsJkRU39PvpqfHvCuv/Aaz4Isxhr2Rejvz:GPg9vdDpemCG1ezZsPvpA6uQ4QTqRw
Score3/10 -
-
-
Target
Res/hskin.dll
-
Size
132KB
-
MD5
1de37ff829502f5cdeffd86e5ddc5351
-
SHA1
355f026d6f8c43956b8d326026038bf809f7350d
-
SHA256
3eef905a3c6b0729f2ec13924dbf51af6b5d72d256a0e8959e7bd929b7e85294
-
SHA512
78134588efd2003740c3d569d834e9dbfc45df9076bc30d7d8007dd7258f5a6f7db354ce950793e6f93f8a8d90c96cbba938864f759637bb707aa575d6485947
-
SSDEEP
1536:giS5zJfm6ifXMBNJSZw4SLM5Eauu2jebBmSCmjoJJCWueh0q:g7zmrfXNZ4mpBjjoJJCJeCq
Score1/10 -
-
-
Target
Res/tvp.exe
-
Size
228KB
-
MD5
de2052aae5a5915d09d9d1ede714865c
-
SHA1
2161a471b598ea002fc2a1cc4b65dbb8da14a88e
-
SHA256
1d3f51b33070b5b8f11c891bb160f5f737151f3a36c2e24f96c2844b089a5294
-
SHA512
914eb403bc0662266e9b00f52da192463ae782c301be5279579fe88924451fa8b38a9cc9e689499ae7240259e7c03310980f06a5f7cd1b90bda0b3948fb5d1b3
-
SSDEEP
3072:0QUurm/I/Pc1fsrHxbGL+9QD2pkIanLqf0bAadkp2guonxKzjMMDE0BB6p2wkLqj:lRrXECWDianeuonmRankL
Score10/10-
Detect PurpleFox MSI
Detect PurpleFox MSI.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Blocklisted process makes network request
-
Stops running service(s)
-
Loads dropped DLL
-
Modifies file permissions
-
Use of msiexec (install) with remote resource
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-