LetsDefend — SOC202 — FakeGPT Malicious Chrome Extension Investigation Walkthrough
Common Information
Type Value
UUID 4a9b766e-19dd-4f97-8ebf-fb16c884bbd6
Fingerprint 8044b211e1940d1b
Analysis status DONE
Considered CTI value -2
Text language
Published Sept. 1, 2024, 11:01 p.m.
Added to db Sept. 2, 2024, 1:24 a.m.
Last updated Nov. 17, 2024, 5:57 p.m.
Headline LetsDefend — SOC202 — FakeGPT Malicious Chrome Extension Investigation Walkthrough
Title LetsDefend — SOC202 — FakeGPT Malicious Chrome Extension Investigation Walkthrough
Detected Hints/Tags/Attributes 39/1/28
RSS Feed
Id 167
Enabled
Feed title Cybersecurity on Medium
Url https://medium.com/feed/tag/cybersecurity
Added to db 2024-08-30 22:08
Attributes