purplefox | dbf87a5fcbfb1c8fd567e3c7a2103e63ad62422a0cc7d1ea64a265364ecfb3ba | Triage

Sharing

General

Target

setup.jpg
Size

2.9MB
Sample

230710-btws3ahb91
MD5

20bec50362e877fa5935cb1fc67012f9
SHA1

e437f0934a4715bde47367e8a424ae5fe6040e2f
SHA256

dbf87a5fcbfb1c8fd567e3c7a2103e63ad62422a0cc7d1ea64a265364ecfb3ba
SHA512

49dc81b3e84c189f18b599980e15b970a05152d4c91ef2125ac045005f4a7e2f74a6120a23faed814d297784a5c197d3c0b8ec59125f8172f1111a9fe9a9fad3
SSDEEP

49152:QQvlrXVVdWX59GUrSLzeaVtFU2e2PfqZ2jQbfcOQHe1i+aW3NAWt6x7JjhS4V+s0:BlQFrEZHY7LE+x0VV+s0qMr

Score

10^/10

purplefox discovery evasion rootkit

Malware Config

Targets

- Target
  
  setup.jpg
- Size
  
  2.9MB
- MD5
  
  20bec50362e877fa5935cb1fc67012f9
- SHA1
  
  e437f0934a4715bde47367e8a424ae5fe6040e2f
- SHA256
  
  dbf87a5fcbfb1c8fd567e3c7a2103e63ad62422a0cc7d1ea64a265364ecfb3ba
- SHA512
  
  49dc81b3e84c189f18b599980e15b970a05152d4c91ef2125ac045005f4a7e2f74a6120a23faed814d297784a5c197d3c0b8ec59125f8172f1111a9fe9a9fad3
- SSDEEP
  
  49152:QQvlrXVVdWX59GUrSLzeaVtFU2e2PfqZ2jQbfcOQHe1i+aW3NAWt6x7JjhS4V+s0:BlQFrEZHY7LE+x0VV+s0qMr
Score

8^/10

discovery evasion
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

File Permissions Modification

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Tasks

static1

rootkitpurplefox

behavioral1

discoveryevasion

behavioral2

discoveryevasion