purplefox | d0772a8be491a0176211e41812314a98e61ebd0cfeecc6636c6b691b8f8a2b4d | Triage

Submit
Reports

Overview

overview

Static

static

f8e9313f9c...18.msi

windows7-x64

f8e9313f9c...18.msi

windows10-2004-x64

Sharing

General

Target

f8e9313f9c993e3ff4754c28725d7a5f_JaffaCakes118
Size

17.8MB
Sample

240926-wf7cvszemq
MD5

f8e9313f9c993e3ff4754c28725d7a5f
SHA1

e56349d04381300475e1576ee4bde081e39141af
SHA256

d0772a8be491a0176211e41812314a98e61ebd0cfeecc6636c6b691b8f8a2b4d
SHA512

4bd82421566247e31a1c2b3d9244f8a99a1d380efcba55f7c0172256c503b2a98b1e892db9ec39317d3749daf8856156a0c4c23815df8f340583ff961258bef4
SSDEEP

393216:3n50SkxQKakQGVE2D5MFtca9r1wWZveUS3ax6Q3jqbjVPiJXVyE:pu5akHVEc5ULjwWZveUs8jq3VKJXx

Score

10^/10

purplefox discovery persistence privilege_escalation rootkit

Static task

static1

rootkit purplefox

2 signatures

Behavioral task

behavioral1

Sample

f8e9313f9c993e3ff4754c28725d7a5f_JaffaCakes118.msi

Resource

win7-20240903-en

discovery persistence privilege_escalation

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

f8e9313f9c993e3ff4754c28725d7a5f_JaffaCakes118.msi

Resource

win10v2004-20240802-en

discovery persistence privilege_escalation

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  f8e9313f9c993e3ff4754c28725d7a5f_JaffaCakes118
- Size
  
  17.8MB
- MD5
  
  f8e9313f9c993e3ff4754c28725d7a5f
- SHA1
  
  e56349d04381300475e1576ee4bde081e39141af
- SHA256
  
  d0772a8be491a0176211e41812314a98e61ebd0cfeecc6636c6b691b8f8a2b4d
- SHA512
  
  4bd82421566247e31a1c2b3d9244f8a99a1d380efcba55f7c0172256c503b2a98b1e892db9ec39317d3749daf8856156a0c4c23815df8f340583ff961258bef4
- SSDEEP
  
  393216:3n50SkxQKakQGVE2D5MFtca9r1wWZveUS3ax6Q3jqbjVPiJXVyE:pu5akHVEc5ULjwWZveUs8jq3VKJXx
Score

8^/10

discovery persistence privilege_escalation
- Drops file in Drivers directory
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Installer Packages

Netsh Helper DLL

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rootkitpurplefox

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2025

Terms | Privacy