General
- Target: ChatGPT-4_Online.rar
- Size: 2.3MB
- Sample: 230520-z3tl3ahc8z
- MD5: ae9cc5aada7d190699750a0637b91c44
- SHA1: 3bd4c2389e6db658719bf3a224ae58d72d076538
- SHA256: e64bb75516fa8244fc31da6ee100cc10627f316aabc5ec9cfd2d9f5a028a6e4c
- SHA512: cb2367a973d4bb389b75e5926a8e7115596c83016fc5fc9c8239ae0c663cedfbe8cb86aabc2fc7282620108efa189fd0c4a4afe0e37d80a33526381e114e3832
- SSDEEP: 49152:e+1J1nX5LY2DfnuGPq2cFaqZS0ah8BoAcIkvnEUNuC06hWydTbW:dv1JLY2Du2q24aqkZaBoAcIkMyWyw
- Static task static1
- Behavioral task behavioral1: Sample ChatGPT-4_Online.rar, Resource win7-20230220-en
- Behavioral task behavioral2: Sample ChatGPT-4_Online.rar, Resource win10v2004-20230220-en
- Behavioral task behavioral3: Sample ChatGPT-4 Online.exe, Resource win7-20230220-en
- Behavioral task behavioral4: Sample ChatGPT-4 Online.exe, Resource win10v2004-20230220-en
- Behavioral task behavioral5: Sample NL7Data0404.dll, Resource win7-20230220-en
- Behavioral task behavioral6: Sample NL7Data0404.dll, Resource win10v2004-20230220-en
- Behavioral task behavioral7: Sample NlsData004a.dll, Resource win7-20230220-en
- Behavioral task behavioral8: Sample NlsData004a.dll, Resource win10v2004-20230221-en
Malware Config
Targets
- Target: ChatGPT-4_Online.rar
- Size: 2.3MB
- Score: 3/10

- Target: ChatGPT-4 Online.exe
- Size: 1.2MB
- MD5: 88f8bb1fa6bdda82ff9e4150e5084533
- SHA1: daa56b740fde8da38580c1f053e4511d20a5b733
- SHA256: 8a6672b8b7165db85a63750a12a89f8c0d55f7f2a98042f25be8740324469ecc
- SHA512: 8add946ceee5e3b8440b1be7ce2eedb84c70fa72eaaecacfa00e214660743bebec22a72056313ea66c287ab5fe9b36a53593cc8d7567bafb11db40dfa2c1912b
- SSDEEP: 24576:lgZXoZUTVdt7KP1r0tNH7zaWHXw6uyRZ3gVb1s7qagNqT083VxMa:Q6CNb2W4hO7j083Vxv
- Score: 10/10
- DcRat: DarkCrystal (DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
- .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext

- Target: NL7Data0404.dll
- Size: 2.2MB
- MD5: 81b14fd1c9d2b830e55c93c4c38afa2f
- SHA1: 975bef050d9e8d2ee577e1b4db5dd6e2d67bff20
- SHA256: 878e2dbac4b6a6bcce54742f3c7bfd87aa93a6637cccc1e5d18ab65215d81bee
- SHA512: 16bcd415ca4cfc8813d990a304723a87122eede56a4f2c84b8fac91ccb0d5fd9c2db413358eecf145c1faad5b74f16b516a3c5e12f977bbca0cb6f66cc73d3ec
- SSDEEP: 24576:WckkkkkkHxKjbNX7UtOGwu1fg5tXVD539swzYNefx+Pff5pn3DXBdVjtxv/Ui:WeKYtOGwu1fg5FtJ9nMX5bL9z
- Score: 3/10

- Target: NlsData004a.dll
- Size: 3.1MB
- MD5: be007b645b9d1332e3346107727320d9
- SHA1: 0717c6fea33ddd04b9f032039d23c66efd5e5f76
- SHA256: 7b128be8d77398cbc3bb789a34e21afc984c2e87276907a01326f8fb4504e9da
- SHA512: 8e205aaf5ef8a1e5259634ff51b1e0da8bf35ace547e01de05a02dd0ad55ef7a46329737ba062556c195ba0ef6e3722ea144752f0aa8330c440dac38b2653f82
- SSDEEP: 24576:oJEJNe9wndvrpof5UUv6ujcqJByewHXqQpiPlJKaTsO0KwRB3Q/CDuCF:k9CNofaXXqQpTawO0KwRB3Q/Au
- Score: 3/10