General

  • Target: ChatGPT.zip
  • Size: 7.6MB
  • Sample ID: 230201-g8wz9scb77
  • MD5: bb4397456ae239f8040d17466435fcc5
  • SHA1: b19b553c2389c3d62d2cfd4b18af508b8a2b0020
  • SHA256: db0270b977bf68fb8ce2e161bae88c7dd4ed82866b3bbc3d6c8a713edc69db53
  • SHA512: 8df30542fb2922a834788a81266e39f524a3d8713a1e122617b051e07f3f116caa2c4a266bcb9db8ee3e653c2dfea22297a54c55fa7cd909e18ad10bede52571
  • SSDEEP: 98304:PeOvVUAD89wQlghyam0mUOm/Q2AHIwDRnlWjsbkl73oyJ52otql16DDrlpoO8S:xVUAQ9PggxhmMdSjsbklz2lQBZ

These values identify the archive exactly as it was submitted; the executable inside it has its own hash set under Targets. The filename is the social-engineering hook: a ZIP called ChatGPT.zip that unpacks to chatgpt.exe.

Malware Config

Extracted

  • Family: raccoon
  • Botnet: ff85621b9b7e77782fcfd9e75aa2a3e1
  • C2: http://80.85.139.245/
  • rc4.plain

The botnet value is the build/affiliate identifier the bot reports to its panel. The C2 is plain HTTP to a bare IPv4 address, so it involves no DNS lookup and can be blocked or hunted by IP alone. rc4.plain is the extractor's label for the RC4 key that Raccoon keeps in cleartext inside the binary and uses to decrypt its config strings, the C2 included; the key's value is not reproduced in this report.
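To show what the rc4.plain attribute means in practice, here is an added example (my own code, not the sandbox's extractor and not Raccoon's): a plain RC4 implementation plus a helper that decrypts candidate config blobs with a key and keeps only the ones that come out as printable text, so a wrong key yields nothing instead of garbage IOCs. The key `ExampleRC4Key` and the blobs are constructed for the demo, since the report does not show the real key; the C2 URL is the one from the report.

```python
# Added example (not the sandbox's extractor and not Raccoon's code): RC4
# primitives and a "decrypt config blobs, keep the ones that look like strings"
# helper. Key and blobs are constructed; the C2 URL is the report's.
from typing import Iterable, List


def rc4_ksa(key: bytes) -> List[int]:
    """Key-scheduling algorithm: permute 0..255 under `key`."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt; RC4 is symmetric, the keystream is simply XORed in."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def looks_like_text(blob: bytes) -> bool:
    """Printable ASCII only: output from a wrong key almost never passes this."""
    try:
        text = blob.decode("ascii")
    except UnicodeDecodeError:
        return False
    return len(text) > 0 and text.isprintable()


def decrypt_config_strings(key: bytes, blobs: Iterable[bytes]) -> List[str]:
    """Decrypt every blob with `key`; return those that decode as printable text."""
    results = []
    for blob in blobs:
        plain = rc4_crypt(key, blob)
        if looks_like_text(plain):
            results.append(plain.decode("ascii"))
    return results


if __name__ == "__main__":
    KEY = b"ExampleRC4Key"            # hypothetical: the real rc4.plain value is not on the page
    C2 = b"http://80.85.139.245/"     # C2 from the report
    # Constructed blobs: one real config string, one non-text record.
    blobs = [rc4_crypt(KEY, C2), rc4_crypt(KEY, b"\x00\x01\x02\x03\x04\x05\x06\x07")]
    print(decrypt_config_strings(KEY, blobs))        # the C2 only
    print(decrypt_config_strings(b"wrong-key", blobs))  # garbage filtered out
```

Against a real sample the blobs would be the encrypted string table carved from the binary and the key the cleartext value the extractor labels rc4.plain; the printable-text filter is what separates a correct key guess from a wrong one when the key has to be brute-forced from candidates.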

Targets

    • Target: chatgpt.exe
    • Size: 658.8MB
    • MD5: d3fbcca7d5fd818a9f1004c4e6b95fe3
    • SHA1: 1487d9dfcaf863e279f9830affb851f3e9688d08
    • SHA256: 5ff4a408a6578451248d8d7a5a9be2c75162f5406b143df9f46b83e30fa63226
    • SHA512: 3accd3a3fb7697c602f1fc3601560a23f3bfd910c8cd5154b3130aa40230494b17c7b6962dce28e74be06df696433425bd5e0e7f6325eb44458644779134d361
    • SSDEEP: 12288:7p/5R0g6QwlJRGLAIBcosKn7SJ1chc3wZbM2XhGcmOZMDomIoH3LdrscwZ6VHZY+:7x6n7RGhBcosKn701wXV1q

    The executable is 658.8MB but came out of a 7.6MB archive, a compression ratio of roughly 87:1 that ordinary code and data do not reach. That is the signature of a binary inflated with highly compressible filler, done to push it past the file-size limits of AV engines, sandboxes and upload portals. The SSDEEP block size points the same way: 12288 is far smaller than ssdeep would pick for a file this large, which happens when most of the file is a constant run that never triggers the rolling hash, so the fuzzy hash ends up covering only the small real part. Two consequences for defenders: the file hashes above are tied to this one padded build and are cheap for the operator to change, so the C2 address and botnet ID are the durable indicators; and any scanner with a size cap needs that cap raised or the file trimmed before it will look at the sample at all.

    Signatures

    • Raccoon: Raccoon is an infostealer written in C++ and first seen in 2019. It is sold as a service and harvests browser credentials, cookies and cryptocurrency wallet data.
    • Blocklisted process makes network request: a process on the sandbox's blocklist made an outbound request; the only network destination in this report is the C2 listed above.
    • Suspicious use of NtSetInformationThreadHideFromDebugger: the sample called NtSetInformationThread with ThreadInformationClass = ThreadHideFromDebugger (0x11). A thread flagged this way no longer delivers debug events, so under a debugger a breakpoint or single-step in it terminates the process instead of pausing it. This is an anti-analysis check; hook or patch the call (or use a debugger plugin that does) before stepping through the sample.
    • Suspicious use of SetThreadContext: the sample rewrote another thread's register context. Legitimate software rarely does this; when it follows a process created suspended and WriteProcessMemory into it, it is the process-hollowing/injection sequence, with the new instruction pointer aimed at the injected code. The report does not say which process was the target, so that has to be confirmed from the API trace.
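The hashes under General and Targets, and the 7.6MB versus 658.8MB sizes, raise two practical questions: how to hash a file this large without loading it into memory, and where the extra bytes actually live. The following added example (my own tooling, not the sandbox's) answers both: it streams a file once to compute the four digests the report lists, then parses the PE section table to find where the image ends and how much of what follows is zero filler. No sample is attached to this page, so `build_padded_pe` writes a constructed PE skeleton to exercise the check; file paths are placeholders.

```python
# Added example, not the sandbox's tooling: stream-hash a large sample and
# measure how much of it is PE overlay filler. The PE written by
# build_padded_pe() is a constructed skeleton, not the chatgpt.exe above.
import hashlib
import os
import struct
import tempfile
from typing import Dict, Optional

CHUNK = 1 << 20  # 1 MiB reads: a 658 MB file never has to sit in memory


def hash_file(path: str) -> Dict[str, str]:
    """MD5/SHA1/SHA256/SHA512 in one streaming pass, for comparison with report IOCs."""
    digests = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            for h in digests.values():
                h.update(chunk)
    return {n: h.hexdigest() for n, h in digests.items()}


def pe_image_end(path: str) -> Optional[int]:
    """File offset just past the last section's raw data, or None if not a PE.
    Only e_lfanew, the COFF header and the section table are parsed."""
    with open(path, "rb") as fh:
        dos = fh.read(0x40)
        if len(dos) < 0x40 or dos[:2] != b"MZ":
            return None
        e_lfanew = struct.unpack_from("<I", dos, 0x3C)[0]
        fh.seek(e_lfanew)
        if fh.read(4) != b"PE\0\0":
            return None
        coff = fh.read(20)
        n_sections = struct.unpack_from("<H", coff, 2)[0]   # NumberOfSections
        opt_size = struct.unpack_from("<H", coff, 16)[0]    # SizeOfOptionalHeader
        table = e_lfanew + 24 + opt_size
        end = table + 40 * n_sections  # at least the headers themselves
        fh.seek(table)
        for _ in range(n_sections):
            raw_size, raw_ptr = struct.unpack_from("<II", fh.read(40), 16)
            end = max(end, raw_ptr + raw_size)
        return end


def overlay_report(path: str) -> Dict[str, object]:
    """How many bytes follow the last section, and what fraction of them are zero."""
    size = os.path.getsize(path)
    end = pe_image_end(path)
    if end is None:
        return {"is_pe": False, "size": size}
    overlay = max(0, size - end)
    zeros = 0
    with open(path, "rb") as fh:
        fh.seek(end)
        while chunk := fh.read(CHUNK):
            zeros += chunk.count(0)
    return {"is_pe": True, "size": size, "image_end": end, "overlay": overlay,
            "overlay_zero_fraction": zeros / overlay if overlay else 0.0}


def build_padded_pe(path: str, padding: int) -> None:
    """Constructed test input: a minimal, non-loadable PE skeleton (x64, one
    0x200-byte section at offset 0x200) followed by `padding` zero bytes."""
    e_lfanew, raw_ptr, raw_size = 0x40, 0x200, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x22)  # 1 section, no optional header
    section = b".text\0\0\0" + struct.pack("<IIII", raw_size, 0x1000, raw_size, raw_ptr) + b"\0" * 16
    with open(path, "wb") as fh:
        fh.write((dos + b"PE\0\0" + coff + section).ljust(raw_ptr, b"\0"))
        fh.write(b"\xCC" * raw_size)
        fh.write(b"\0" * padding)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """hash_file() over an in-memory buffer, for checking it against known vectors."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "blob.bin")
        with open(path, "wb") as fh:
            fh.write(data)
        return hash_file(path)


def demo(padding: int) -> Dict[str, object]:
    """Build the constructed padded PE, then hash it and measure its overlay."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "padded.exe")  # placeholder path
        build_padded_pe(sample, padding)
        return {"hashes": hash_file(sample), "report": overlay_report(sample)}


if __name__ == "__main__":
    result = demo(padding=64 * 1024 * 1024)
    print(result["hashes"]["sha256"])
    print(result["report"])
```

On a real sample, a large overlay that is nearly all zeros confirms the padding hypothesis directly. If the overlay turns out small, the bloat sits inside a section instead; the same zero-counting loop over each section's raw data (its PointerToRawData and SizeOfRawData are already read above) answers that, and in either case the file can be truncated at the real image end before being handed to tools with a size cap, keeping in mind that the truncated copy will no longer match the hashes in this report.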
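The two "Suspicious use of ..." signatures above are API-level observations, and it helps to see what a detection over an API-call trace has to look for. This added example (my own code, not the sandbox's rules) flags the ThreadHideFromDebugger call by its ThreadInformationClass value, and flags SetThreadContext only when it completes a suspended-create, write, set-context, resume chain within one process, so an isolated SetThreadContext (a debugger, a legitimate runtime) does not fire. The trace text, PIDs, handles and the host.exe name are constructed; the line format is a generic `pid tid api(arg=value, ...)` layout, not any particular vendor's output.

```python
# Added example (not the sandbox's signature logic): detect the two behaviours
# the report flags, over a constructed API-call trace.
import re
from typing import Dict, List

THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass passed to NtSetInformationThread
CREATE_SUSPENDED = 0x4            # dwCreationFlags bit for CreateProcess*

LINE_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\w+)\((.*)\)\s*$")
ARG_RE = re.compile(r'(\w+(?:\.\w+)?)=("[^"]*"|0x[0-9a-fA-F]+|\d+)')

# Constructed trace: process 4100 hides its thread from the debugger, then hollows a
# suspended child; process 5300 makes calls that look similar but are not the pattern.
TRACE = """\
4100 4104 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11, ThreadInformation=0x0, ThreadInformationLength=0)
4100 4104 CreateProcessW(lpApplicationName="host.exe", dwCreationFlags=0x4)
4100 4104 NtUnmapViewOfSection(ProcessHandle=0x2c8, BaseAddress=0x400000)
4100 4104 WriteProcessMemory(hProcess=0x2c8, lpBaseAddress=0x400000, nSize=0x5a000)
4100 4104 SetThreadContext(hThread=0x2cc, Rip=0x41f3a0)
4100 4104 ResumeThread(hThread=0x2cc)
5300 5304 NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x9, ThreadInformation=0x0, ThreadInformationLength=0)
5300 5304 SetThreadContext(hThread=0x1a0, Rip=0x7ff6a0001000)
"""


def parse_trace(text: str) -> List[Dict]:
    """Turn 'pid tid api(name=value, ...)' lines into call records; values become ints or strings."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate non-call lines such as timestamps or banners
        pid, tid, api, raw_args = m.groups()
        args = {}
        for name, value in ARG_RE.findall(raw_args):
            args[name] = value.strip('"') if value.startswith('"') else int(value, 0)
        calls.append({"pid": int(pid), "tid": int(tid), "api": api, "args": args})
    return calls


def find_anti_debug(calls: List[Dict]) -> List[Dict]:
    """NtSetInformationThread with ThreadHideFromDebugger: that thread stops reporting
    debug events, so a breakpoint in it kills the process under a debugger."""
    return [c for c in calls
            if c["api"] == "NtSetInformationThread"
            and c["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER]


HOLLOWING_STAGES = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")


def find_hollowing(calls: List[Dict]) -> List[Dict]:
    """Per process: CreateProcess* with CREATE_SUSPENDED, then write, SetThreadContext,
    ResumeThread in that order (other calls in between are allowed)."""
    stage: Dict[int, int] = {}  # pid -> index of the next expected stage
    hits = []
    for c in calls:
        pid, api = c["pid"], c["api"]
        if api.startswith("CreateProcess") and c["args"].get("dwCreationFlags", 0) & CREATE_SUSPENDED:
            stage[pid] = 0
        elif pid in stage and api == HOLLOWING_STAGES[stage[pid]]:
            stage[pid] += 1
            if stage[pid] == len(HOLLOWING_STAGES):
                hits.append({"pid": pid, "tid": c["tid"], "completed_at": api})
                del stage[pid]
    return hits


def analyze(text: str) -> Dict[str, List[Dict]]:
    calls = parse_trace(text)
    return {"anti_debug": find_anti_debug(calls), "hollowing": find_hollowing(calls)}


if __name__ == "__main__":
    for kind, hits in analyze(TRACE).items():
        print(kind, hits)
```

Process 5300 is the caveat in code form: its NtSetInformationThread uses a different information class and its SetThreadContext has no suspended child behind it, so neither rule fires. The chain matcher deliberately requires the suspended create first; a trace from a real sandbox will interleave unrelated calls, which the matcher skips over rather than resets on.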
