General

  • Target

    Open AI Sora 4.0 Verison 4.89.zip

  • Size

    160.3MB

  • Sample

    241017-vrexbazakj

  • MD5

    7a30dc8404260aea0708472b26cd1da3

  • SHA1

    bb1719c73f07947dd48d285b7ef8111db5e57e04

  • SHA256

    9ecdf63c778837fe391974d12dbda0752ccb58ef8e6241dd2bfc223580b1f536

  • SHA512

    3469159e454b5b91e150fba28f5a8499f2348eaddf6075516da359ea684ea8485570a0137ddb4b511e225de48a2a1f55cfb89e7318471a558c6f29a53a1a593e

  • SSDEEP

    3145728:4ezfQqO86nwkWmY3uqZsCl8wvqIyq8NrPRaiM17eDUBwb3ewkjNPfiLo:xy86nwkWmY3uqZsCl8wvqIyq8NrPQrVN

Targets

    • Target

      Open AI Sora 4.0 Verison 4.89.exe

    • Size

      365KB

    • MD5

      4aca9457933a530c0bf576f7f537694a

    • SHA1

      f39053f92e86885a3cd52ff5630bcbc1cbe4cadf

    • SHA256

      f8380479fe4558dfe5f787f73daa412b7386c045b7d5e8f39d3cb73b5b204569

    • SHA512

      87ddd3fded58ce0d01acad9f6992bd14400c1acb3c29519370b9b628d2fbfd49accb177171649aa39018d05f5fe1f759c78f0c012c9834306efae4e08f0cd9b2

    • SSDEEP

      3072:C5I+ERABhR3JqnP8I+McS9MESlGW1AgCBMNBNsYoh+buYJoY46ZFaVLMxKawbvWw:r/3nvX19MtlGW1AgGO+hqohPaxbw7W

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      app-11.4.0/EMUtils.dll

    • Size

      31KB

    • MD5

      e5c2a105bdb1d2b68b9ede20e7b66306

    • SHA1

      fe3155c6f453476f30a06fe6c9765ec6bcda0cf4

    • SHA256

      9196850d957d30b8cff7cb930a6caaca7fccb069f1f554346c327b11fa4e2e3d

    • SHA512

      06c3274f319d115b4ce5cfd9d60b1ec45d5394b63d64f755e94f58c89492bf81174bb4880b83a9bd0f60fc48f789183d070614f56987857a6cca930925075faf

    • SSDEEP

      768:3Qnr+lBH22bFduHckYBi/YiMw+kYrPxWEcbR:AilBH22bvuHKE/7MNrPxcR

    Score: 1/10

    • Target

      app-11.4.0/EMUtilsOld.dll

    • Size

      31KB

    • MD5

      b299f8870b0ad51a56a7dae0c4dc3450

    • SHA1

      463675ef18233548c21822e048d40bfcfc3425a4

    • SHA256

      cc4ea76bf658b14c0da35fab7d17cc14d10c499edee26e8bd0d038161995e422

    • SHA512

      972efd8d5234da9b423988b1101ad0c2beddf70f174600d7115289d224aba5c7ba93fd24244182da6b40182ea918b115c4206f7ef2300d12702546dd9d3fd766

    • SSDEEP

      384:BZQnK9Q3UTB8dEibbFxnh7fPEN2HLZSf+VIYiMNAd+w2/01Pxh8E9VF0NyzM/y:/Qn7KBePbF1hDENMi/YiMw+A1PxWE5F

    Score: 1/10

    • Target

      app-11.4.0/Open AI Sora 4.0 Verison 4.89.exe

    • Size

      717.9MB

    • MD5

      4ca74930fb928138ef72335d06cc39db

    • SHA1

      14ea9754494af1beb429224911b2ec2f43d3a802

    • SHA256

      86f1e1adb0542298fede2316612d6a90ab655a2774d5bc766c4eb77e0bd25e70

    • SHA512

      7aaa890c51d012eced7d1f565b61a9d3dc2480945e4ef1509806763cd48fa016ee4c9c44bde44bc10da34b00aee3e897038f200b19b9e136cb98788a6977bee2

    • SSDEEP

      3145728:lnOvz6yqIkFIkFIkFIkFIkFIkFIkFIkYZzwJgFos:eGIkFIkFIkFIkFIkFIkFIkFIk5m6s

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      app-11.4.0/Qt6LabsQmlModels.dll

    • Size

      175KB

    • MD5

      2816e3b1c5af83c9333d7a0da7d25e4a

    • SHA1

      0de3d7284716d568fe167bef1ece46837a6090b6

    • SHA256

      b72a3b07789ee007b65531c3c67dbab1d023fcefd4b7a06609ff87af16704469

    • SHA512

      f45efc272a9d8b0860e72dcffcf5ee4d9038a9d08bd9d674c638807e73b3aced22f340129d184010ae4fb027658fd224f9fb224337237a3615f4e205b172808f

    • SSDEEP

      3072:Db+HVJwJfQUIxitsZIFVkyY98YkdC/VDcvSz4jm/mxw:f+1JwJw9IFy9Dcv4v

    Score: 1/10

    • Target

      app-11.4.0/Qt6LabsSettings.dll

    • Size

      60KB

    • MD5

      7f3c436593b3c7fa27b7465d4ce41921

    • SHA1

      88c9ca4cc65f5e480be3651ee2a5bd7f287104b1

    • SHA256

      4777daf7a67734040fd51de2e65069c3a7622beddb28d4aa1755bad067963aaa

    • SHA512

      3d271476b1919ab7dccdb6c7392ccd2937696731ff1d1466016b193313fa5e08c5b3468c28380268128970f170308811a3b4f416bd6fe437c0fca153b74a1670

    • SSDEEP

      768:9fTB9h0VkxU3jMReeqZ5VmaZDbHBBVmiy5EqYi/YiMw+dQUPxWEts:91r0VkojMRMJmenFby5Eqt/7MjdPxs

    Score: 1/10

    • Target

      app-11.4.0/Qt6QuickControls2.dll

    • Size

      64KB

    • MD5

      6ddc3efacef3610231a8d980e4002c9c

    • SHA1

      e0973cff9c302e6fd2e8fc737dfae6cd57972970

    • SHA256

      bf7dbf36676f6f793bd6f1785a1c084f1bae95bbf3bf806d77eb89faa20110bc

    • SHA512

      7da90079b3d861c433ec992ce4f76ef8ef9d088784d1069e51d9e24ffe6cb33d9622008d4e3ff914b901653a730edc14db823dfe2e25ed35e2ac8e26daed385a

    • SSDEEP

      768:r8zAWJxgqDs2mg/1Tp213s5aEjVFqEuoWvSiDfQ6pxjnV4jxi/YiMw+MPxWEB1l:Az7xxs2mITpSs5Vjk1tvn00/7MePxpl

    Score: 1/10

    • Target

      app-11.4.0/Qt6QuickDialogs2Utils.dll

    • Size

      47KB

    • MD5

      e09921e92744310113a1da60df4e454c

    • SHA1

      349f1d8788049c7f47ba65c6294e9f5014f50c33

    • SHA256

      0bc515813c98e82e491cefb7661f5c684b0500a36b7894dff93d6160ad90470d

    • SHA512

      94c165a188ccd50574db7dab979f0d5e367e544b7676e333d0a78408beb9e5ca9abd5f525714a9b4283de09764377e9eee24beba14d2df7427c5dab9ee451d86

    • SSDEEP

      768:01oqlQp9Z2Vf37Q4G2D2IlUp8mzsxjmAi/YiMw+RgTPxWETM:01oqlU9ZS04PD2IlUpTzISV/7MoTPxC

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-convert-l1-1-0.dll

    • Size

      20KB

    • MD5

      530ee661f5b91e91068f5c08ec12b938

    • SHA1

      fcc134bbf090dc39389f5815cb4adc7cbbc2ca7c

    • SHA256

      945b59c105801b4a7215f2d2742bb8b1e70eeca8d7da3576de0821a4c72fd1b9

    • SHA512

      7615cb1831544f7f65206f961059f251a33b3b17f532d53be5b9eb33b009c511a8b45c577e91eb8ac41ba6482218da1ee57c1a2748bbe00b277e0d11ff105980

    • SSDEEP

      384:WvuyxWfhWtHLZSf+VIYiMNAd+W4O6wPxh8E9VF0NypEQR:/2i/YiMw+DyPxWE/VR

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-environment-l1-1-0.dll

    • Size

      16KB

    • MD5

      ecd79b7800ecd43cf6482cbd370fb520

    • SHA1

      9807e73024d873dc7a98fdfac632870030f3fc9f

    • SHA256

      adc8d4d19d065740f27af68e28983a388ef842098f1349c5e8da5cd59f6d43d6

    • SHA512

      bd6795015e099afe06c3c89d8d4d7e73b5a84d28852ab6ea0706e8fe48e5fa56a5a8478c5737efd56784eeb70b03c557a87d824e2211ff85e2420b0a613e96ec

    • SSDEEP

      384:WjWfhWqHLZSf+VIYiMNAd+1lBPxh8E9VF0NyykFI:v3i/YiMw+PBPxWE4MI

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-filesystem-l1-1-0.dll

    • Size

      18KB

    • MD5

      47d89ed9e76bb25ef95084aeca86f5ce

    • SHA1

      8b0474a405ce96ccb474ea74d7397deca0c96768

    • SHA256

      8017b4580af99a12ef87e639023ccbe8eac7ad7e1110d1bedbdcd5aa1bad8498

    • SHA512

      658131198e0e76605ad3b8e57ed136f51bf569aef44d241be5667a226db72b13f9d9966d0ba2a62f8f6f2db7ea4c0a607e50343c2df1b6e6b2f9f1375aa7ec45

    • SSDEEP

      384:WNq6nWm5CpWfhWLHLZSf+VIYiMNAd+jYNPxh8E9VF0NyjxjJ:36nWm5CeIi/YiMw+6PxWEhr

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-heap-l1-1-0.dll

    • Size

      17KB

    • MD5

      e6d00f1da5a03b7ac33b0abe6823f686

    • SHA1

      2d9e1e9d3ddb36b91f8987d71c626764a15ff882

    • SHA256

      272dac5b4b1210ab63814d640911a0fe829b7d02854759f2e537d42804bbebc2

    • SHA512

      f08142e9a9c87f9e15bf71b91d134aabc4c494b3d6221f4b017bb88ce8e426a78752b0308b4ada17f03b78e75a22be622a819d6bf5d217dbf917acb1910199db

    • SSDEEP

      384:W+Y3eRWfhWzHLZSf+VIYiMNAd+fQjPxh8E9VF0Nym5ojnD:RGoi/YiMw+IjPxWEAQD

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-locale-l1-1-0.dll

    • Size

      16KB

    • MD5

      e47735f9dfab96ff8f5b04c537e74eb7

    • SHA1

      f310317229d5aaf3cd7c8c5931ca3f1323095763

    • SHA256

      ab15d561cdb5bfee685a0aace6de3c069fb400ef07a9bf35f9f885d25e5ecfbc

    • SHA512

      43fc975d01a1236c0b6f0e55496385ee883413453d324318c0113a318f1a122aa9fa9cd9233a10bc70ef5d9185fc8c8b1eed6cc18088cdc8acb1c68d6ede065e

    • SSDEEP

      384:WTWfhWEHLZSf+VIYiMNAd+v3RPxh8E9VF0NycKKRd:3xi/YiMw+pPxWES5j

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-math-l1-1-0.dll

    • Size

      25KB

    • MD5

      071e03ba97abc752ded12cf7ab51f34f

    • SHA1

      9d803535266292824ae6161c270b42208069fe22

    • SHA256

      13ba291ad89eb9a333881a89958ab70f4e711d89df85c40fd2cf55563fbd43e6

    • SHA512

      db8ea28b5056a18b048acd56bf5db15e9cb11f999bab30d3cca8eea410401b76abf049d1ad4afcec54345b4aaa9da0cf411739a4560f2afc0962e944d54ca89a

    • SSDEEP

      384:WKQUbM4Oe59Ckb1hgmLVWfhWMHLZSf+VIYiMNAd+JfJjHPxh8E9VF0NySaF:jRMq59Bb1jy9i/YiMw+5JbPxWEcE

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-multibyte-l1-1-0.dll

    • Size

      24KB

    • MD5

      6e92a11a52e4ee00222873ab4a3f3c9b

    • SHA1

      f69c25c0ed400fb80b2b106b449b61dfbffc7cf3

    • SHA256

      b374b9737af2e4b48783747d63edfd1b2dd236395672b24413a4642180ca5f19

    • SHA512

      f75388dd3a1c58230080eb7da875fd8048d41469f1aae701a160152e64da579b5f6b825543c10517dd78e32f9829a1a1fbed6fdf5c40487f0452991259ae527b

    • SSDEEP

      384:WJy+Kr6aLPmIHJI6/CpG3t2G3t4odXLVWfhWjHLZSf+VIYiMNAd+StSzvPxh8E9n:QZKrZPmIHJI6koi/YiMw+1bPxWEvV

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-private-l1-1-0.dll

    • Size

      67KB

    • MD5

      3ada492d92f7429b5ac13c492026830c

    • SHA1

      0a3a1d4d5cd20a3b14273481f552e69d35ac6f2c

    • SHA256

      7ced95796d6037d3699c8c332d916bd59138a928601c34ccad2cdf80b21c20df

    • SHA512

      e3d430dd7a5ea9897d760fe41451c32a6d59ae6a19c3ac6b0a51647fe21f1c26557a903b1d65c0ce96a97e6fde589e81653b6fe63d19255e65ede8ae9cf0f93f

    • SSDEEP

      1536:v/XeuJDe5c4bFe2JyhcvxXWpD7d3334BkZn+P7//7MDPx2R:nXeuJDe5c4bFe2JyhcvxXWpD7d3334Bd

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-process-l1-1-0.dll

    • Size

      17KB

    • MD5

      6a51f24b45d2a95c1091a88402f4193a

    • SHA1

      f51cde8341ffe2937cc8c634b24d989542686540

    • SHA256

      084a37b1afe0228d5e0c1a8ad584d2022ebbef5106c29f7fcbba3366d17f6c7f

    • SHA512

      3474614e5d2df74c720f00fd0d242da9765bb1132dcbac4407a3f8b1f8c8c94a07ecefa1e4619cb153c0bc5367b489d56fe92dcdee35409a6bf5f395a6b34c70

    • SSDEEP

      384:WAKAWfhWzHLZSf+VIYiMNAd+kUpPxh8E9VF0Nya76:0Ii/YiMw+LPxWEgu

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-runtime-l1-1-0.dll

    • Size

      20KB

    • MD5

      4f9eb6c11548ac0bc65dfe823e2b26a8

    • SHA1

      d893d71995d68430ef99f9f48393239937634c82

    • SHA256

      defb4b01790d1383d28053084f56218ff492bcab0c7a88bdee471201f938a4af

    • SHA512

      580de93dbf6f6cc2fe1a1af2684866a13265798c17eea5f47ebe921e6c7fe01cc527ea58706e3f6d20745623bf45c4708aeb68a30a8d9dae06aaa41801c71752

    • SSDEEP

      384:WAPtYr7LWfhWxHLZSf+VIYiMNAd+QzVPxh8E9VF0NyBw5z8:Dmr7oui/YiMw+gPxWE3n

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-stdio-l1-1-0.dll

    • Size

      22KB

    • MD5

      cd5c95e2f120b0c5c1f942f8b2be32bc

    • SHA1

      3beb2ce6d23982c375663cea0c5539d2c08a0933

    • SHA256

      36d0bddeb068239cd4bda5000f91043f7461a71ba29353ac0e44ef9122fc2644

    • SHA512

      543e3c221bf84fe393a4fb725fc65ef4d302d255f7b81dfc10fb42855905826856435c76ee79190773b711d85ff8be857ec3a227f3c2e464cb40d28fea1ea9fe

    • SSDEEP

      384:W+ZpFVhXWfhWzjHLZSf+VIYiMNAd+qH2Pxh8E9VF0NyYD9+2:H+oTi/YiMw+3PxWE2R+2

    Score: 1/10

    • Target

      app-11.4.0/api-ms-win-crt-string-l1-1-0.dll

    • Size

      22KB

    • MD5

      586ca5be822f164aef4aac777cd2a58c

    • SHA1

      0aef818bec01938ddd46418ec352a401941245f6

    • SHA256

      a2a774b7cac889a834b0bd385b9b7ede7d0d7d3e5fecb0f78a20ef49391a6a25

    • SHA512

      0315445498e70926c1f96e68bd7a7a6458e42999bad1b7fccf099166f2061552b1117b4eb7a91e44eccf7ef0990c17c9a595a042dd8541ef0c8b272b962473a1

    • SSDEEP

      384:WHiFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlTWfhWAHLZSf+VIYiMNAd+4fl6kPxh9:c6S5yguNvZ5VQgx3SbwA71IkFD9i/Yi1

    Score: 1/10

    • Target

      app-11.4.0/msvcp140_1.dll

    • Size

      27KB

    • MD5

      0dd8be7208cf6869a18821f5c55278cb

    • SHA1

      33c6452a1e4d766c1293b4bd6d7fef4294a5e64b

    • SHA256

      7c8668499569d84f0c3fbe8e53b024e8bb676434e91461c0851f15fffc9efde0

    • SHA512

      f1aac063fb74c5b6636b76e7bc2e45ba21115d9b45ecb73c73e81652aa56149c68973f9a3af56889ef15a58def105598a3b9a2a0906f3c8d0a3a3cb96f4f7d0f

    • SSDEEP

      384:IXt9apR94FCN2CWc35gWiWHLZSf+VIYiMNAd+3Q9Pxh8E9VF0NyMO8E:IXK794FCEMzi/YiMw+2PxWEiFE

    Score: 1/10

    • Target

      app-11.4.0/msvcp140_codecvt_ids.dll

    • Size

      24KB

    • MD5

      4a346291a68cc0b27a088e930d38a81a

    • SHA1

      c631a8ff3b26e89bc6f1fea0b5088d75f1690c3a

    • SHA256

      7c844d968e65722cf246439cda13b561dfa46f3cae21602e8299445a7ef00045

    • SHA512

      2083c69b1b1d10d207a2abd550ea31302302a48f5ef561558cbeebc5e6bf8e789d226cc9ff7da105888c0764e0848d27d2ed20ea1f501809435ba68d12a760b4

    • SSDEEP

      384:xYp02d8IWiZEWBHLZSf+VIYiMNAd+4al0Pxh8E9VF0NyNY+yT:xY02dxPi/YiMw+1l0PxWE7a

    Score: 1/10

MITRE ATT&CK Enterprise v15

Tasks

static1: Score 10/10 (ducktail)

behavioral1: Score 6/10 (discovery, persistence)

behavioral2: Score 6/10 (discovery, persistence)

behavioral3: Score 1/10

behavioral4: Score 1/10

behavioral5: Score 1/10

behavioral6: Score 1/10

behavioral7: Score 7/10 (discovery, persistence, spyware, stealer)

behavioral8: Score 7/10 (discovery, persistence, spyware, stealer)

behavioral9: Score 1/10

behavioral10: Score 1/10

behavioral11: Score 1/10

behavioral12: Score 1/10

behavioral13: Score 1/10

behavioral14: Score 1/10

behavioral15: Score 1/10

behavioral16: Score 1/10

behavioral17: Score 1/10

behavioral18: Score 1/10

behavioral19: Score 1/10

behavioral20: Score 1/10

behavioral21: Score 1/10

behavioral22: Score 1/10

behavioral23: Score 1/10

behavioral24: Score 1/10

behavioral25: Score 1/10

behavioral26: Score 1/10

behavioral27: Score 1/10

behavioral28: Score 1/10

behavioral29: Score 1/10

behavioral30: Score 1/10

behavioral31: Score 1/10

behavioral32: Score 1/10