General
-
Target
1f8bd3be8998046f4d49d6a7a2f8e13980de241fdb0c4c8b3c2de467fb425461.msi.vir
-
Size
88.1MB
-
Sample
241128-hbx2qsynaz
-
MD5
9b6d3f468e121e147da06c5fa36c48a4
-
SHA1
72f49dd62358b63bcec6b7f8d6ddb297890ae9de
-
SHA256
1f8bd3be8998046f4d49d6a7a2f8e13980de241fdb0c4c8b3c2de467fb425461
-
SHA512
4faa2ecab2359a7eda3124fdebb0b567ff236333cb7d7f98dd0bd23077249ca17aea01eed0827b89740e7f8764e9eb02b99001ac2d498c8072ebc14a130eb81a
-
SSDEEP
1572864:NB9nyr53s/zJIWTcBlboCqFM1YZO4gOwexegi0vq3ZCUiLe2GK8uq8iZFnH:Nnnyr5c5cPM1M1GOcAgi0vqpCZLeVKUb
Malware Config
Targets
-
-
Target
1f8bd3be8998046f4d49d6a7a2f8e13980de241fdb0c4c8b3c2de467fb425461.msi.vir
-
Size
88.1MB
-
MD5
9b6d3f468e121e147da06c5fa36c48a4
-
SHA1
72f49dd62358b63bcec6b7f8d6ddb297890ae9de
-
SHA256
1f8bd3be8998046f4d49d6a7a2f8e13980de241fdb0c4c8b3c2de467fb425461
-
SHA512
4faa2ecab2359a7eda3124fdebb0b567ff236333cb7d7f98dd0bd23077249ca17aea01eed0827b89740e7f8764e9eb02b99001ac2d498c8072ebc14a130eb81a
-
SSDEEP
1572864:NB9nyr53s/zJIWTcBlboCqFM1YZO4gOwexegi0vq3ZCUiLe2GK8uq8iZFnH:Nnnyr5c5cPM1M1GOcAgi0vqpCZLeVKUb
Score10/10-
Detect PurpleFox Rootkit
Detect PurpleFox Rootkit.
-
PurpleFox
PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
-
Purplefox family
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Installer Packages
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Installer Packages
1