Someone showed me this on Telegram. It is very silly. It is clearly masquerading as "Free GPT and Claude". Anyone with half a brain knows this is malicious, but people will still fall for it. People asked what it is. I have some free time. I poked it with a stick, People discussing it said it is XMRig. That is not entirely accurate. This is not XMRig. This is flagged as XMRig from Triage and VirusTotal because it does indeed drop XMRig, but it is much more than that. This is a (maybe new) information stealer packaged with XMRig as a double whammy. This malware is interesting because of a few things: 1. It is position independent, they care enough to be evasive and strip out a majority of dependencies. This is usually indicative of more serious malware. 2. They .zip it delivers from the "Free GPT and Claude" is intentionally bloated (payload inflation). It is 97MB, which may evade a majority of anti-malware product (initially) due to it's large size. It packages itself with FFMpeg and various other audio codecs. 3. It accesses Microsoft Outlook e-mails, accesses Chrome stuff using the COM IElevationService, looks for any SFTP credentials It (currently) does not have any matching YARA rules from AV vendors. The closest approximation is LummaStealer. My knowledge base on the Information Stealer scene is out-of-date (it changes a lot). However, on first initial glance this appears like a new information stealer. Again, this should be taken with a grain of salt. It's also worth noting the domain it exfiltrates to does not appear in any malware reports. The domain is unique, and the payload does not match any existing YARA rules (it's behavioral characteristics do, but not a specific malware family), so this is actually a pretty interesting sample. A lookup though shows this is an emerging malware campaign. It first appeared around the end of May. This is (probably) a known Threat Actor who has switched it up a bit (or it's MaaS, whatever though). The malware appears online masquerading as various products. - ecore-sourceproject - LogiDA - GPT_Claude_Free - CortexSystems.v3.4.2.Stable - TikTokBot-v2.2 - CortexLauncher Funny enough, this malware would have been much, much, much, MUCH more evasive if they didn't package it with XMRig. VirusTotal and Triage immediately flagged it because after it establishes persistence, and steals any credentials on the machine, it pulls XMRig to turn into a cryptocurrency miner. If they did not pull the XMRig binary this stealer would be much more quiet. I have no idea why they decided to burn their OPSEC with XMRig. C2: dfwioeiofwr-dot-info Payload (and associated families from the C2) 027d576c6b5512d661081aaeeeb8e611f95a469ccf5ba35e0a390e8814334d05 5dcc599cf48227e65ea49d2708d08704fd1cb7e3b89736718d0d8e557857c49c 5e8b40b0b7512e1a1355374fb0cf34bfdf1260ebdb80a353c8f9da2490beeed3 6a0c332296b017220fc2b522da653fce36a8a3c5c79de0200d61c5fc31eb89ce a2f8ebf65d54a4d9c8b720d01da77ad796683f1a5b8bd3d08738d7df4365f8a 9d4aaa9842c947756b7c128c432292732098fb71d247ef0bce60368563572da3 c4caca93e2291c018e701c217b7d232c534e4dd142042a59aa4d32754ef3022a

👋 Looking for collaborators for an open-source project! DM me if you’re interested. #OpenSource #WebDev #opensource #sourceproject #collaborators #project #looking #fashion #happiness #denim #longhair #peopleinnature #leisure #blond #portraitphotography #beautyjunkie

Here's a great video a friend (@sourceproject) produced about Debal a handful of years ago. Hope you like it. vimeo.com/68119509

Hey folks today made my 2nd open source contribution today✅ , it's been an amazing experience after contributing to two open sourceproject, so much learning involved 🙏🙏 #OpenSource

Hyperledger is een open-sourceproject dat is ontwikkeld door de Linux foundation.  Lees hieronder meer ⬇️ cryptobenelux.com/2021/06/25…

"Contributing to Open sourceproject always ensure your forked project up-to date, communicate people are willing to help along the way. If you're new to git you can use git CLI or git gui."

Het gedecentraliseerde open-sourceproject met een openbaar blockchain-platform voor smart contracts, Cardano (ADA), is van plan in de komende maanden verschillende belangrijke upgrades te implementeren.  Lees het hieronder ⬇️👌🏼 cryptobenelux.com/2021/02/23… #Cardano #ADA $ADA

Why campaigners want everyone to be able to enjoy this Frome green space. @SourceProject frome.nub.news/n/frome-commu…

"By buying #seed that has been grown locally, you’re buying seeds that have already adapted to your #climate, weather, and growing conditions." Read this wonderful #SeedWeek blog by our friends @SaharaLondon! Photos by @SourceProject saharalondon.com/articles/we…

Getting closer... With 4 days until #SeedWeek 2021, check out our short videos about some of the #UK & #Ireland's best #seed growers and custodians. Films by our friends @SourceProject: vimeo.com/showcase/5597350

Dr Debal Deb's story is one of our faves in our newly launched #WeFeedTheWorld photo book. On his small farm in Odisha, India, Debal cultivates 1,420 #rice varieties on just two acres 🌾🍚 📸 from the amazing @SourceProject More in our short film: vimeo.com/68119509

The Future of Food and Gerald Miles is a great video from @SourceProject. Gerald Miles, of Caerhys #Organic Farm, explains the benefits of Community Supported Agriculture. #OrganicFarming #PesticideFree #CSA #Health #WHAg #WholeHealth buff.ly/31YoaB4

Today we're launching Continuous Machine Learning (CML), a new open-sourceproject for CI/CD with ML. Let's bring the power of DevOps to ML or MLOps. dvc.org/blog/cml-release

(The 7 most Awesome open source projects of 2018) ☞ opensourceprojects.org/the-7… #opensourceprojects #opensource #software #programming #android #androidprojects #linux #sourceproject #python #100DaysOfCode

(Hack instagram Account - Instagram Bruter) ☞ opensourceprojects.org/hack-… #opensourceprojects #opensource #software #programming #android #androidprojects #linux #sourceproject #python #100DaysOfCode

Is there interested in donation to open #sourceproject ? We have receiving lots of fund requests from OSSs listed on IssueHunt. These projects have 3k to 40k GitHub stars. Please feel free to talk to me anything 👋 issuehunt.io

(Instagram Follower & Like Bot - Open Source) ☞ opensourceprojects.org/insta… #opensourceprojects #opensource #software #programming #android #androidprojects #linux #sourceproject #python #100DaysOfCode

(GraphQL Code Generator) ☞ opensourceprojects.org/graph… #opensourceprojects #opensource #software #programming #android #androidprojects #linux #sourceproject #python #100DaysOfCode

(The Most Popular Artificial Intelligence Programming Languages & Examples) ☞ opensourceprojects.org/the-m… #opensourceprojects #opensource #software #programming #android #androidprojects #linux #sourceproject #python #100DaysOfCode

(SQL Server / SQL Server Cloud Integration) ☞ opensourceprojects.org/sql-s… #opensourceprojects #opensource #software #programming #android #androidprojects #linux #sourceproject #python #100DaysOfCode