General

  • Target: open ai sora.zip
  • Size: 79.0MB
  • Sample: 240722-me5yzatalq
  • MD5: 901ede8d8056305e704afd8ed5e4e7af
  • SHA1: 44d6ccefe1e6c81f932a108008453c056d3b2220
  • SHA256: 39f2614e343b7a2f507e71ab706ab6d83f5016401598d6464f43a38065947f6d
  • SHA512: 20693220b54527410fd5436fd3d264d14e8c475a22dc116e9d2fe21d25425f709c78bd88a4594a7a9983ce4752a7067d4ab817ce2bf6d183419d45fc0665ef51
  • SSDEEP: 1572864:O8vANue3c0W5ovuseC51qZ6uon/p9Y37PG22DZQz14pal1CYD2md32qTr23U:tAKFtse4Qsb3YoDw14plYD2uzTKE

Malware Config

Targets

    • Target: Open AI Sora Vesion 5.42.exe
    • Size: 896.9MB
    • MD5: e459920c9c583292d687f573200108d0
    • SHA1: 1f0ead1c05d0bf0f72baf949afd1b0b87405f483
    • SHA256: 710c89053b82419e706e9b2798c1870aa1960f9bcff3478c02081d7f977a891a
    • SHA512: 3093a89587e0fe0e9e1f7e7f3fced0fdc1d9c7dd98b9484cfbfaabbca1049e94a01aad5628def96a567caec97782ab0804c1b4b2feb5e3c752a1a49343e713ab
    • SSDEEP: 1572864:FHMlnmXXHfarJ2MH6rd07/eGpQvyLxCi70QzyhpPc2qfF4SagVnhqODQA86:NInmXXHfatH6dg/eiZzwJgFo

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks