purplefox | 72601209c92391bd76101e3fb8c96414db8850ca4979379527a979b8ad097589 | Triage

Resubmissions

31-08-2023 02:23

230831-cvdvbacd33 10

31-08-2023 02:12

230831-cmtwkacc96 10

Sharing

General

Target

D23593D7.Png
Size

1.4MB
Sample

230831-cmtwkacc96
MD5

e7c7a8a1ba187b67be9bdb024813a0df
SHA1

521ed1044d36304ae2257260ef6169cced71d5a9
SHA256

72601209c92391bd76101e3fb8c96414db8850ca4979379527a979b8ad097589
SHA512

bec24b7ed0648f228e10c9f52ed22138649659bdf9e1c96833f49808056200e416130a894e49889b2e0a73268a864b5938745a7c1e7307e46b38b99332048257
SSDEEP

24576:csuDXXva104BMeRocDP1NhhQEJBDYkaT64Mcctdrbf6zncNynD6BRMhUT:cVX//i5oojQc0HdmdruzcNynD6q4

Score

10^/10

purplefox rootkit

Malware Config

Targets

- Target
  
  D23593D7.Png
- Size
  
  1.4MB
- MD5
  
  e7c7a8a1ba187b67be9bdb024813a0df
- SHA1
  
  521ed1044d36304ae2257260ef6169cced71d5a9
- SHA256
  
  72601209c92391bd76101e3fb8c96414db8850ca4979379527a979b8ad097589
- SHA512
  
  bec24b7ed0648f228e10c9f52ed22138649659bdf9e1c96833f49808056200e416130a894e49889b2e0a73268a864b5938745a7c1e7307e46b38b99332048257
- SSDEEP
  
  24576:csuDXXva104BMeRocDP1NhhQEJBDYkaT64Mcctdrbf6zncNynD6BRMhUT:cVX//i5oojQc0HdmdruzcNynD6q4
Score

7^/10
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rootkitpurplefox

behavioral1

behavioral2