purplefox | e9a400053daab4a54640be4d6d76ef3fccfcef0d55ebd937595e8d2f24c57470 | Triage

Submit
Reports

Overview

overview

Static

static

3

e9a400053d...70.exe

windows7-x64

e9a400053d...70.exe

windows10-2004-x64

Sharing

General

Target

e9a400053daab4a54640be4d6d76ef3fccfcef0d55ebd937595e8d2f24c57470.exe.vir
Size

91.4MB
Sample

241201-qhatsaskdv
MD5

b73e545012c78e7e864318eb0278d0a9
SHA1

a325f1c94ae4df3fbbc48b52098db2f5581d9fde
SHA256

e9a400053daab4a54640be4d6d76ef3fccfcef0d55ebd937595e8d2f24c57470
SHA512

bad9c93d1ca13c38f1bc109ed3f4515acf9fbaa56db45cd5559207a000b2e23b06a4b00ed0595114cbbe99f6c9ffca55d5f09b43b4ff36b449c62b8af7727fb7
SSDEEP

1572864:fkMDsZW2KfoM2J0s2nMqZ5Nhy+cWev3mZuHshbCLPyZAoOw8mMvxIQPm0MVp0TC:fhIZW2KQWntH6+cXvjKbCLPyWol8myxI

Score

10^/10

purplefox discovery persistence rootkit trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e9a400053daab4a54640be4d6d76ef3fccfcef0d55ebd937595e8d2f24c57470.exe

Resource

win7-20240903-en

purplefox discovery persistence rootkit trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

e9a400053daab4a54640be4d6d76ef3fccfcef0d55ebd937595e8d2f24c57470.exe

Resource

win10v2004-20241007-en

purplefox discovery persistence rootkit trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  e9a400053daab4a54640be4d6d76ef3fccfcef0d55ebd937595e8d2f24c57470.exe.vir
- Size
  
  91.4MB
- MD5
  
  b73e545012c78e7e864318eb0278d0a9
- SHA1
  
  a325f1c94ae4df3fbbc48b52098db2f5581d9fde
- SHA256
  
  e9a400053daab4a54640be4d6d76ef3fccfcef0d55ebd937595e8d2f24c57470
- SHA512
  
  bad9c93d1ca13c38f1bc109ed3f4515acf9fbaa56db45cd5559207a000b2e23b06a4b00ed0595114cbbe99f6c9ffca55d5f09b43b4ff36b449c62b8af7727fb7
- SSDEEP
  
  1572864:fkMDsZW2KfoM2J0s2nMqZ5Nhy+cWev3mZuHshbCLPyZAoOw8mMvxIQPm0MVp0TC:fhIZW2KQWntH6+cXvjKbCLPyWol8myxI
Score

10^/10

purplefox discovery persistence rootkit trojan
- Detect PurpleFox Rootkit
  Detect PurpleFox Rootkit.
  rootkit
- PurpleFox
  PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.
  rootkit trojan purplefox
- Purplefox family
  purplefox
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

purplefoxdiscoverypersistencerootkittrojan

behavioral2

purplefoxdiscoverypersistencerootkittrojan

© 2018-2024

Terms | Privacy