General

  • Target

    Open AI Sora 4.0 Verison 4.89.zip

  • Size

    186.1MB

  • Sample

    241016-sl557sweja

  • MD5

    a427239a82bd996d4759030297a859a7

  • SHA1

    28100205b814f18d9c91ec55c0ff4a090ecef7d6

  • SHA256

    b129e97f69d29879931e00f9b7cc1827292ef5c1b8d9d368f26ecf0a8508effe

  • SHA512

    a0e9f2a085c1ada27ac9a93074688cc59356d257e2e46dd5ba6c66a5c7909835fa43942b3cde493ecd28afa71b36f88ffe4897c93a408af3770cf53022812732

  • SSDEEP

    3145728:ezSk13XnzjPJhUGVQ0zGTe23PuxSXTQ3e68p8/vLZEvx:ezSkBzjPflxYTqH8Ezw

Malware Config

Targets

    • Target

      Open AI Sora 4.0_Setup_Version 5.96.exe

    • Size

      349KB

    • MD5

      ceb804d5dcb9e543549fdf842611dcc3

    • SHA1

      630b4a55ec6ea4acb163422c1938ddb389340af7

    • SHA256

      92a304e64a65bbab9a45b6cb0d3f701fe0803616d23f5f9b860d3b00488f2482

    • SHA512

      9c380596001d7ed1ba18b826b13ac28fd9b3fed16a87fa1ed648f4534431e3dc756e3179ad5e5c12f1778ebe028446fb05597d3fc347221a6611f7af88998d82

    • SSDEEP

      3072:sV/GaFJJZ+Qima9IjVe9+L+xZ2N4OCSPQwZkXkAy5vHOQXQWXUjzBW2HwbvWUhIj:6Bmm+aVecLuK0uPZQk4QU9Wew7G

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      app-5.96.0/Open AI Sora 4.0_Setup_Version 5.96.exe

    • Size

      744.1MB

    • MD5

      33e4c114789665f10c3f11ffea9d2ba3

    • SHA1

      5fefd509d0e38b6bed0867fb9780ff1208d5cc6a

    • SHA256

      99a4657b318daeec77a6ea8eb8082a16d58dd18c179e5df6f01e687bf99be58b

    • SHA512

      c16b9cb968a03f852046919f34b975363eaf8082510c6cc3da119ddaac107d3a65da0d02b5c1906396f8a1abe59cf3dbbdca568eaff106828cf0975c00410781

    • SSDEEP

      3145728:/hSx3pv753l36cJoYuuuuuuuvZzwJgFoR:pSnT53hVm6R

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks