General

  • Target

    662cf6389f741a18549f03eac56c2d9612f6ef4dc1c8c464571d9e2c277910e7

  • Size

    2.8MB

  • Sample

    240524-emtxnscd9x

  • MD5

    6a7b42cb132d4f65b2f3dacd970a2d15

  • SHA1

    9dba2d2d3afbccf31a8c42cf7a440e57e0a3dd74

  • SHA256

    662cf6389f741a18549f03eac56c2d9612f6ef4dc1c8c464571d9e2c277910e7

  • SHA512

    0773d4c84c55c2075a61c0013d034bce5976911ab0eeb20239ac02877b270eee83e4851d53a4882d6854cdfeef3c2dfdadc96a6dc994d4498386ddf4d89b85e5

  • SSDEEP

    49152:yCwsbCANnKXferL7Vwe/Gg0P+WhbLTwM6mn2wB:Vws2ANnKXOaeOgmhPTwM6mn2wB
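The first thing to do with a report like this is to confirm that the file on disk is the sample it describes. The script below is an added example, not part of the sandbox or its report: REPORT carries the hash values from the page, ssdeep is left out because it needs a third-party library, and the bytes used in the check are constructed test data. It hashes a file in a single pass for all four digests, which matters for a 2.8MB sample that you would rather not read four times.

```python
"""Recompute the fingerprints from the General section and compare them.

Added example; REPORT holds the values printed on the page. A real
triage would call fingerprint_file() on the downloaded sample.
"""
import hashlib

REPORT = {
    "md5": "6a7b42cb132d4f65b2f3dacd970a2d15",
    "sha1": "9dba2d2d3afbccf31a8c42cf7a440e57e0a3dd74",
    "sha256": "662cf6389f741a18549f03eac56c2d9612f6ef4dc1c8c464571d9e2c277910e7",
    "sha512": "0773d4c84c55c2075a61c0013d034bce5976911ab0eeb20239ac02877b270eee"
              "83e4851d53a4882d6854cdfeef3c2dfdadc96a6dc994d4498386ddf4d89b85e5",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def fingerprint(data: bytes) -> dict[str, str]:
    """Hash an in-memory blob with every algorithm the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def fingerprint_file(path: str, chunk: int = 1 << 20) -> dict[str, str]:
    """Streaming variant: one pass over the file feeds all four digests."""
    digests = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as f:
        while block := f.read(chunk):
            for d in digests.values():
                d.update(block)
    return {a: d.hexdigest() for a, d in digests.items()}


def matches_report(fp: dict[str, str], report: dict[str, str] = REPORT) -> dict[str, bool]:
    """Per-algorithm comparison. Pivot on the SHA256: it is also the
    target name the report uses, and MD5/SHA1 are collision-prone."""
    return {a: fp.get(a) == report[a].lower() for a in report}


def is_same_sample(fp: dict[str, str], report: dict[str, str] = REPORT) -> bool:
    return all(matches_report(fp, report).values())


if __name__ == "__main__":
    # Constructed input: an empty blob, which of course is not the sample.
    print(matches_report(fingerprint(b"")))
```

If even one digest disagrees, stop and re-download: a partial transfer or a re-packed copy will change every hash, while a mismatch on MD5 alone with the SHA256 intact is not something you should ever see.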

Malware Config

Targets

    • Target

      662cf6389f741a18549f03eac56c2d9612f6ef4dc1c8c464571d9e2c277910e7

    • Detect PurpleFox Rootkit

      Detects the PurpleFox rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Drops file in Drivers directory

    • Sets DLL path for service in the registry

    • Sets service image path in registry

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks