Overview

overview

10

Static

static

1

vvmchet-windovv.msi

windows7-x64

10

vvmchet-windovv.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vvmchet-windovv.msi.vir

  • Size

    313.0MB

  • Sample

    241128-b49snswkgj

  • MD5

    b433ac6a628665157c009834c3c41634

  • SHA1

    567f922c4595d535e96b21741156f29ebb61341f

  • SHA256

    6c77bf7ca5b7bb5ce7e926e8981600f7c9fda533bbbf5df1a544c37d892948bd

  • SHA512

    06dff3810cf41bc72187aee8c0ca817a0590f5bec523db0adda2e64c3e45dc754762576b37b41c21d4b7e37da36aa75969d561809c2e233bff8adb3f299519bd

  • SSDEEP

    6291456:68BnEZsQe41dIIdVAUnRYJHqxVHerMSlcF8aLPIY7hcU6T8V7:0M4zIWVAVkKraLIYr6AV7

Score
10/10
purplefoxdiscoverypersistenceprivilege_escalationrootkittrojan

Malware Config

Targets

    • Target

      vvmchet-windovv.msi.vir

    • Size

      313.0MB

    • MD5

      b433ac6a628665157c009834c3c41634

    • SHA1

      567f922c4595d535e96b21741156f29ebb61341f

    • SHA256

      6c77bf7ca5b7bb5ce7e926e8981600f7c9fda533bbbf5df1a544c37d892948bd

    • SHA512

      06dff3810cf41bc72187aee8c0ca817a0590f5bec523db0adda2e64c3e45dc754762576b37b41c21d4b7e37da36aa75969d561809c2e233bff8adb3f299519bd

    • SSDEEP

      6291456:68BnEZsQe41dIIdVAUnRYJHqxVHerMSlcF8aLPIY7hcU6T8V7:0M4zIWVAVkKraLIYr6AV7

    Score
    10/10
    purplefoxdiscoverypersistenceprivilege_escalationrootkittrojan

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • Purplefox family

      purplefox

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks