General

  • Target

    7a27dc2baf775a5e5c3fcd21dbf30708a9af444246caac78bd863ad1a8400357

  • Size

    652KB

  • Sample

    230828-m8j9csdb8z

  • MD5

    d793918f5dd516e211be5e6a14fdb607

  • SHA1

    00e9f5c14895bc5d8dad8eabb5d39da6c425006a

  • SHA256

    7a27dc2baf775a5e5c3fcd21dbf30708a9af444246caac78bd863ad1a8400357

  • SHA512

    58f587433ce5f9271c49eee3de25efd7a52e76a01d99f535deabeef4697ba4715b6da561d9084c125e5076193c438cb8ba417a6997e7d5c63891079276611f8e

  • SSDEEP

    12288:zm76zbLa+EuyokRmwdB9R5zxI2anAo+zciYototNWd1DWf3/jwuiUy6YYG:S76ra1uyokEN2anAobbototNWd1DWfby

Malware Config

Targets

    • Target

      7a27dc2baf775a5e5c3fcd21dbf30708a9af444246caac78bd863ad1a8400357

    • Detect PurpleFox Rootkit

      Matches the detection rule for the rootkit (kernel driver) component of PurpleFox.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families; its payload includes a rootkit driver.

    • Drops file in Drivers directory

      Writes a file under %SystemRoot%\System32\drivers, the directory from which kernel-mode drivers are normally loaded. Together with the service image path change below, this is the pattern of a driver being installed.

    • Sets service image path in registry

      Writes the ImagePath value of a key under HKLM\SYSTEM\CurrentControlSet\Services. ImagePath is the binary (or driver) the Service Control Manager loads for that service, so a new or changed value pointing at a freshly written file is worth checking first.

    • Deletes itself

      Removes its own executable from disk after running, so the original dropper is usually gone from an infected host; use the sandbox's stored sample (hashes above) as the reference copy.

    • Executes dropped EXE

      Launches an executable that it wrote to disk earlier in the run.

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer. Stock UPX output unpacks with upx -d; modified builds typically rename the UPX0/UPX1 sections or strip the UPX! header so the stock tool refuses the file, and need manual or dynamic unpacking.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
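The four behavioural signatures above (driver dropped, service ImagePath set, dropped EXE executed, self-deletion) are individually common and only become interesting as a chain from one origin process. The following is an added example, not part of the report or of any sandbox's own code, that scores that chain over Sysmon-style events; the events, paths and file names are constructed for illustration and are not taken from this sample.

```python
import re
from collections import defaultdict

# Constructed Sysmon-style events (EventID 1 = ProcessCreate, 11 = FileCreate,
# 13 = RegistryEvent value set, 23 = FileDelete). Paths and names are made up
# for illustration; they are not taken from the report above.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\Downloads\sample.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Users\u\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\drv.sys"},
    {"EventID": 11, "Image": r"C:\Users\u\Downloads\sample.exe",
     "TargetFilename": r"C:\ProgramData\svc.exe"},
    {"EventID": 13, "Image": r"C:\Users\u\Downloads\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\drv\ImagePath",
     "Details": r"\??\C:\Windows\System32\drivers\drv.sys"},
    {"EventID": 1, "Image": r"C:\ProgramData\svc.exe",
     "ParentImage": r"C:\Users\u\Downloads\sample.exe"},
    {"EventID": 23, "Image": r"C:\ProgramData\svc.exe",
     "TargetFilename": r"C:\Users\u\Downloads\sample.exe"},
    # Benign noise from an unrelated process, to show it does not score.
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\Temp\log.txt"},
]

DRIVERS_DIR = re.compile(r"\\system32\\drivers\\", re.IGNORECASE)
IMAGE_PATH_VALUE = re.compile(r"\\services\\[^\\]+\\imagepath$", re.IGNORECASE)


def descendants(events, root):
    """Images of every process spawned, directly or transitively, by `root`."""
    children = defaultdict(set)
    for e in events:
        if e["EventID"] == 1:
            children[e["ParentImage"].lower()].add(e["Image"].lower())
    seen, stack = set(), [root.lower()]
    while stack:
        for child in children[stack.pop()]:
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def score_chain(events, origin):
    """Evaluate the four behaviours for one origin process and its children."""
    actors = {origin.lower()} | descendants(events, origin)
    mine = [e for e in events if e["Image"].lower() in actors]
    created = {e["TargetFilename"].lower() for e in mine if e["EventID"] == 11}
    return {
        "drops_driver": any(e["EventID"] == 11 and DRIVERS_DIR.search(e["TargetFilename"])
                            for e in mine),
        "sets_service_image_path": any(e["EventID"] == 13
                                       and IMAGE_PATH_VALUE.search(e["TargetObject"])
                                       for e in mine),
        "executes_dropped_exe": any(e["EventID"] == 1 and e["Image"].lower() in created
                                    for e in mine),
        # Self-deletion counts whether the origin removed itself or delegated it to a child.
        "deletes_itself": any(e["EventID"] == 23
                              and e["TargetFilename"].lower() == origin.lower()
                              for e in mine),
    }


def suspicious_origins(events, threshold=3):
    """Processes in the event set whose chain scores at least `threshold` hits."""
    origins = {e["Image"] for e in events}
    return sorted(o for o in origins if sum(score_chain(events, o).values()) >= threshold)


if __name__ == "__main__":
    for origin in suspicious_origins(EVENTS):
        print(origin, score_chain(EVENTS, origin))
```

Attributing the file delete to the origin's process tree matters: the dropper here does not delete itself directly, the child it spawned does, which is the usual shape of "Deletes itself" and is missed by a rule that only looks at one process.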
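The "UPX packed file" signature covers both stock and modified UPX. Stock UPX output has a first section (UPX0) with no raw data but a large virtual size reserved for the unpacked image, a second section (UPX1) holding the compressed data and stub, and a "UPX!" pack-header marker; modified builds rename the sections and strip the marker, but usually keep the empty-first-section layout. The following is an added example, not taken from the report or from the UPX project, that walks a PE section table and reports which of these indicators are present. The PE images it checks are constructed in memory from a minimal header and are not real executables.

```python
import struct

# IMAGE_SECTION_HEADER is 40 bytes: Name[8] followed by these nine fields.
SECTION_FMT = "<IIIIIIHHI"


def build_pe(sections, trailer=b""):
    """Constructed test input: a minimal PE32 header with the given
    (name, VirtualSize, SizeOfRawData) sections. It is not executable;
    only the fields parse_sections() reads are meaningful."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\x00" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\x00")
    size_opt = 0xE0  # size of a PE32 optional header
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, size_opt, 0x0102)
    optional = struct.pack("<H", 0x10B).ljust(size_opt, b"\x00")  # PE32 magic, rest zero
    table = b""
    for i, (name, vsize, rawsize) in enumerate(sections):
        table += name.encode("ascii")[:8].ljust(8, b"\x00")
        table += struct.pack(SECTION_FMT, vsize, 0x1000 * (i + 1), rawsize,
                             0x400 * (i + 1), 0, 0, 0, 0, 0xE0000020)
    return dos + b"PE\x00\x00" + coff + optional + table + trailer


def parse_sections(data):
    """Walk the PE headers and return [(name, VirtualSize, SizeOfRawData), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt
    out = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\x00").decode("ascii", "replace")
        vsize, _va, rawsize = struct.unpack_from("<III", data, off + 8)
        out.append((name, vsize, rawsize))
    return out


def upx_indicators(data):
    """Return the set of UPX indicators found: 'section_names' for the stock
    UPX0/UPX1 names, 'magic' for the UPX! pack-header marker, and
    'empty_first_section' for the structural tell (first section has no raw
    data but a large virtual size) that survives renaming by modified builds."""
    secs = parse_sections(data)
    found = set()
    if any(name.startswith("UPX") for name, _, _ in secs):
        found.add("section_names")
    if b"UPX!" in data:
        found.add("magic")
    if secs and secs[0][2] == 0 and secs[0][1] >= 0x1000:
        found.add("empty_first_section")
    return found


if __name__ == "__main__":
    samples = {
        "stock UPX": build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x8000),
                               (".rsrc", 0x1000, 0x1000)], trailer=b"UPX!\x0d\x09\x02\x0b"),
        "modified UPX": build_pe([(".text", 0x20000, 0), (".data", 0x8000, 0x8000),
                                  (".rsrc", 0x1000, 0x1000)]),
        "unpacked": build_pe([(".text", 0x4000, 0x4000), (".data", 0x1000, 0x200),
                              (".rsrc", 0x1000, 0x1000)]),
    }
    for label, image in samples.items():
        print(f"{label:13s} {sorted(upx_indicators(image))}")
```

If only "empty_first_section" fires, expect upx -d to fail and plan on dumping the process after the stub has finished unpacking instead.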

MITRE ATT&CK Enterprise v15

Tasks