General

  • Target

    11468a727bd8298fc93e1651400e437def16158c93e0c6cdc239df72fc16df03_JC.lnk

  • Size

    1KB

  • Sample

    231003-q93zmsbb91

  • MD5

    1370c8b810befea6651d6e60dee0b591

  • SHA1

    7bbd08152f5eb10c199904e646ddd672e138e456

  • SHA256

    11468a727bd8298fc93e1651400e437def16158c93e0c6cdc239df72fc16df03

  • SHA512

    d6316cfb95c1205982ac4b0c20986a207132a89f4ab5bfd8eb20ba1e2b8eaf57e45d63dbb3d97100b390786fc911aa197ad9f7fb2f9eef779eb5e62297be606b

Malware Config

Targets

    • Detect PurpleFox MSI

      Detect PurpleFox MSI.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Blocklisted process makes network request

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Modifies file permissions

    • Use of msiexec (install) with remote resource

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks