purplefox | bf921e0e08e9e0d4a12f4e71841706eca94a096e6e0e7864ba2ea508c6549824 | Triage

Sharing

General

Target

6870f280f21b6e6cd6593f36df70d78d_JaffaCakes118
Size

2.4MB
Sample

240522-yrtbgsed91
MD5

6870f280f21b6e6cd6593f36df70d78d
SHA1

7d02872d246768ddcee494e96fd26056d6d6d8a7
SHA256

bf921e0e08e9e0d4a12f4e71841706eca94a096e6e0e7864ba2ea508c6549824
SHA512

2d0f39421a05221f48aacf333e963d16a0cc239fc86def555559ed14ce5762f74488c82b0256fc57a2d7a94b9385c0bac3c3d16548de65f014beb375df972605
SSDEEP

49152:5SoYTQ3IgOfQAWMBYNRatUZyxA0oPEkfXMKw4morPJm0YV6UO5BpvxVKJk2Kn:vYkIiApBNC0oPuKRmQY0M6UO5BfVK62K

Score

10^/10

purplefox rootkit

Malware Config

Targets

- Target
  
  6870f280f21b6e6cd6593f36df70d78d_JaffaCakes118
- Size
  
  2.4MB
- MD5
  
  6870f280f21b6e6cd6593f36df70d78d
- SHA1
  
  7d02872d246768ddcee494e96fd26056d6d6d8a7
- SHA256
  
  bf921e0e08e9e0d4a12f4e71841706eca94a096e6e0e7864ba2ea508c6549824
- SHA512
  
  2d0f39421a05221f48aacf333e963d16a0cc239fc86def555559ed14ce5762f74488c82b0256fc57a2d7a94b9385c0bac3c3d16548de65f014beb375df972605
- SSDEEP
  
  49152:5SoYTQ3IgOfQAWMBYNRatUZyxA0oPEkfXMKw4morPJm0YV6UO5BpvxVKJk2Kn:vYkIiApBNC0oPuKRmQY0M6UO5BfVK62K
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rootkitpurplefox

behavioral1

behavioral2