Overview

overview

10

Static

static

1

9657c7e89f...b2.msi

windows7-x64

10

9657c7e89f...b2.msi

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9657c7e89fc7dca791092e022d768bb327cd31aa0e1bf8b5f578e54aaa5931b2.msi.vir

  • Size

    72.5MB

  • Sample

    241128-hc223syncw

  • MD5

    0582fe0c2148ce8bd5147fb693fcd960

  • SHA1

    02b41250310a884183e40a6c8deafd79767598de

  • SHA256

    9657c7e89fc7dca791092e022d768bb327cd31aa0e1bf8b5f578e54aaa5931b2

  • SHA512

    5e11202d0c9d3364999eed294b29e42eefcea390556243e8daeda5ef4c5bc6a7a76903c0fd454c2ac9818c9f27bbcabceaf7c56e42c86eab09964e65ad70579c

  • SSDEEP

    1572864:CMBHZT3KoUdum8uI/b3BxxSWmEcGB6SxhZt3kDpXMKFzMR7KJDj7o:CMV5Ko0NIjBv2Sxzt0Dp8oz1Dj7

Score
10/10
purplefoxdiscoverypersistenceprivilege_escalationrootkittrojan

Malware Config

Targets

    • Target

      9657c7e89fc7dca791092e022d768bb327cd31aa0e1bf8b5f578e54aaa5931b2.msi.vir

    • Size

      72.5MB

    • MD5

      0582fe0c2148ce8bd5147fb693fcd960

    • SHA1

      02b41250310a884183e40a6c8deafd79767598de

    • SHA256

      9657c7e89fc7dca791092e022d768bb327cd31aa0e1bf8b5f578e54aaa5931b2

    • SHA512

      5e11202d0c9d3364999eed294b29e42eefcea390556243e8daeda5ef4c5bc6a7a76903c0fd454c2ac9818c9f27bbcabceaf7c56e42c86eab09964e65ad70579c

    • SSDEEP

      1572864:CMBHZT3KoUdum8uI/b3BxxSWmEcGB6SxhZt3kDpXMKFzMR7KJDj7o:CMV5Ko0NIjBv2Sxzt0Dp8oz1Dj7

    Score
    10/10
    purplefoxdiscoverypersistenceprivilege_escalationrootkittrojan

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

      rootkit

    • PurpleFox

      PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

      rootkittrojanpurplefox

    • Purplefox family

      purplefox

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks