General
-
Target
0a5c38821be6842b1c3126e0d4a89e95e42e4d35752532afc8d70bf6f6b4a580
-
Size
3.0MB
-
Sample
250108-cb16haypbt
-
MD5
7d727d7f3aa689290a1aff5f7044a0e6
-
SHA1
1feab9c662fb65ccd7a5e53759e46805ecf0470b
-
SHA256
0a5c38821be6842b1c3126e0d4a89e95e42e4d35752532afc8d70bf6f6b4a580
-
SHA512
bbf92f6d892a58a6087efc4e5f77ff08654fc7a48ea61982cc52c7d333fecc1b2a325614cd01595e7c23d383609b934fc1fd731242a90e3b4e42e61e50ea33fd
-
SSDEEP
49152:t0SsdKAeAMsNfnrlG4i77uB48ROuiQzVnYixYLR686UYVEQYHm+ewrYG:v/6NfnrlG4i7aXzxmLjH99V
Static task
static1
Behavioral task
behavioral1
Sample
0a5c38821be6842b1c3126e0d4a89e95e42e4d35752532afc8d70bf6f6b4a580.exe
Resource
win7-20240729-en
Malware Config
Targets
-
Purplefox family
-
Drops file in Drivers directory
-
Sets service image path in registry
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1