purplefox | a38477583f2c2fd9b07c6c5ba26473893bfa3ff638abf760d933902eadcdcbc6 | Triage

Sharing

General

Target

eb22dd8e4b78ddd44ceb9336e556ebd7_JaffaCakes118
Size

996KB
Sample

241213-msskssxpar
MD5

eb22dd8e4b78ddd44ceb9336e556ebd7
SHA1

c18c3f48bed890333ab98ae83241003db6b95c73
SHA256

a38477583f2c2fd9b07c6c5ba26473893bfa3ff638abf760d933902eadcdcbc6
SHA512

7ee234aa221f3bdd0095215eba0ed4666d7a1bd98fcf52eb7e3ce0f756d7ae3440ebf6c2b2626f2b519fc2374901ea6da3c540a501a61faa73d8d53fa3973b28
SSDEEP

24576:Y7aBqnGIQ5M6DLrVVdWG859GCHrSoUzLyaVtFUl:Y78lrXVVdWX59GUrSLzeaVtFU

Score

10^/10

purplefox discovery persistence privilege_escalation rootkit

Malware Config

Targets

- Target
  
  eb22dd8e4b78ddd44ceb9336e556ebd7_JaffaCakes118
- Size
  
  996KB
- MD5
  
  eb22dd8e4b78ddd44ceb9336e556ebd7
- SHA1
  
  c18c3f48bed890333ab98ae83241003db6b95c73
- SHA256
  
  a38477583f2c2fd9b07c6c5ba26473893bfa3ff638abf760d933902eadcdcbc6
- SHA512
  
  7ee234aa221f3bdd0095215eba0ed4666d7a1bd98fcf52eb7e3ce0f756d7ae3440ebf6c2b2626f2b519fc2374901ea6da3c540a501a61faa73d8d53fa3973b28
- SSDEEP
  
  24576:Y7aBqnGIQ5M6DLrVVdWG859GCHrSoUzLyaVtFUl:Y78lrXVVdWX59GUrSLzeaVtFU
Score

6^/10

discovery persistence privilege_escalation
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

rootkitpurplefox

behavioral1

discoverypersistenceprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation