General
-
Target
d829e97999e1fb03880dc321b0a331937e18b9aa0ee08ca3ab189ce8f410cba1.msi.vir
-
Size
88.1MB
-
Sample
241130-q1fgzsvqby
-
MD5
35e04cd304b5cb510dd3e0ad154811bc
-
SHA1
cee9a92ad938ff9e3074356ced22c30bf3902378
-
SHA256
d829e97999e1fb03880dc321b0a331937e18b9aa0ee08ca3ab189ce8f410cba1
-
SHA512
be40162927e06e071dac23c057afbeb7c33c64b433fb1445ba73da5f656f09aa97c2e95798be4b5b19f964803fb7942a34e58222c9823a890f8e890af4538354
-
SSDEEP
1572864:gMDsZW2KfoM2J0s2nMqZ5Nhy+cWev3mZuHshbCLPyZAoOw8mMvxIQPm0MVp0:FIZW2KQWntH6+cXvjKbCLPyWol8myxh/
Static task
static1
Behavioral task
behavioral1
Sample
d829e97999e1fb03880dc321b0a331937e18b9aa0ee08ca3ab189ce8f410cba1.msi
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d829e97999e1fb03880dc321b0a331937e18b9aa0ee08ca3ab189ce8f410cba1.msi
Resource
win10v2004-20241007-en
Malware Config
Targets
Purplefox family
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Installer Packages (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Installer Packages (1)