General

  • Target

    f25114b40c3e55e9bd38866e50aba6622ee140fff1e616010c5e48527d140f90

  • Size

    1.5MB

  • Sample

    230828-qr2nvseb5s

  • MD5

    c90ab34fbac37c0b09dc5dea5818d803

  • SHA1

    028394346e783de10ea614d9d07cad27b75188f3

  • SHA256

    f25114b40c3e55e9bd38866e50aba6622ee140fff1e616010c5e48527d140f90

  • SHA512

    8e83bd188a4f1e5eb783b99545d1c26fda557ac167c5b2c0fecb2d01c198e44ffd3938215c692a71ee3a3f6d0a327f929eed0b93a2ce578d8a3a946c56c0ee49

  • SSDEEP

    24576:LVK2zY2X82tmkWCIF2S3bwLuRYbFIEmJWq83GPG0URj:LY6p3W5HxGFIE66V

Malware Config

Targets

    • Target

      f25114b40c3e55e9bd38866e50aba6622ee140fff1e616010c5e48527d140f90

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Deletes itself

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks