Overview

overview

10

Static

static

7

Chatgpt-onlythem.exe

windows7-x64

10

Chatgpt-onlythem.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Chatgpt-onlythem.exe

  • Size

    15.7MB

  • Sample

    250330-vaxe2avnw5

  • MD5

    ec66edd6ba80d511708822aacec86142

  • SHA1

    1bf69ab9ba392bd378ba58f980c29898ed843bd5

  • SHA256

    b4e5518029bb12ab0df6d520b23921df50bb0b3b62d955715842fe7bccffcb19

  • SHA512

    3863146187f97aee94a5fdd8dbc99bac6ffe992623aa04a594e9bbcac2f4b58d2990d9b872b13b9493cc0fea5fbf5f36a3b165c7c6a0f7ab4a5960de8dee9446

  • SSDEEP

    393216:0TNXHO03mcr6C1M9srYvVeylF3OGR6Z/fN3JTPYMfB:0c0ZzrYvVeGR4/fN5T

Score
10/10
venomratdefense_evasiondiscoveryratthemidatrojan

Malware Config

Targets

    • Target

      Chatgpt-onlythem.exe

    • Size

      15.7MB

    • MD5

      ec66edd6ba80d511708822aacec86142

    • SHA1

      1bf69ab9ba392bd378ba58f980c29898ed843bd5

    • SHA256

      b4e5518029bb12ab0df6d520b23921df50bb0b3b62d955715842fe7bccffcb19

    • SHA512

      3863146187f97aee94a5fdd8dbc99bac6ffe992623aa04a594e9bbcac2f4b58d2990d9b872b13b9493cc0fea5fbf5f36a3b165c7c6a0f7ab4a5960de8dee9446

    • SSDEEP

      393216:0TNXHO03mcr6C1M9srYvVeylF3OGR6Z/fN3JTPYMfB:0c0ZzrYvVeGR4/fN5T

    Score
    10/10
    venomratdefense_evasiondiscoveryratthemidatrojan

    • VenomRAT

      Detects VenomRAT.

      rat

    • Venomrat family

      venomrat

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      defense_evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks