General
Target: ChatgptHelper.bin.zip
Size: 16KB
Sample: 230226-tstleshc4z
MD5: 08480329b811e7d893d69964f42d04e7
SHA1: a6749bd149d476ecfd0ac7453d9bfeae39579325
SHA256: 21373a6d949a357dd7cab0df39490d440415d0887316430771923547f65a349c
SHA512: 79180bd8711e70feae33050423092e0be2f8b39390db493a81e5361c5283a7c34a29780d097a2b56d9c3a6b4cdc513259118ad4152ee8e75b2e8aba9f62c3570
SSDEEP: 384:wHIDNXyAoto5djCYNTq7OAZVTvWuK/sHpHLgD7jGMb5YAlbQ:wyNXyudm7O4Tuf8ponXZQ
Behavioral task: behavioral1
Sample: ChatgptHelper.exe
Resource: win10-20230220-it
Malware Config
Extracted
njrat
im523
HacKed
7.tcp.eu.ngrok.io:19698
330867499299d35c5dff831d5c393122
reg_key: 330867499299d35c5dff831d5c393122
splitter: |'|'|
Targets
Target: ChatgptHelper.bin
Size: 36KB
MD5: b50645ca6885b8f2dfd3571eae7afd1e
SHA1: 2bc22b2fe4b75825deff008634390661b7802de5
SHA256: 2a03b714a7d8a52e79746c1bb5fd0a08615f526d6390272d5678fa452846840a
SHA512: cd7eb7f8bbd4d3b30d7fd3d51f57f2202dbd3949463ec225df6b5c4c64f3cad9bb0f4e173c996cfde570877edf23600937ca5eaba8180083d92d9c83019338c0
SSDEEP: 384:of+Nb7LsikZ9zNf/1uyU71evdjsOaP0rAF+rMRTyN/0L+EcoinblneHQM3epzX4F:lNf4l1lU71e9FacrM+rMRa8Nu2Pt
Score: 10/10
- Disables Task Manager via registry modification
- Modifies Windows Firewall
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Uses the VBS compiler for execution
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Program crash