Analyzing the Current State of AI Use in Malware

Unit 42 analyzed two malware samples that integrate large language models: a ConfuserEx‑packed .NET infostealer that calls OpenAI GPT‑3.5‑Turbo for logging and superficial evasion/obfuscation suggestions, and a dropper that queries GPT‑4 to gate execution before deploying a Sliver payload. Both samples show experimental AI use: LLM outputs are largely unimplemented or used for “AI theater,” but the dropper’s LLM-based safety assessment demonstrates a plausible path to AI‑gated execution.

Keypoints

  • Unit 42 found two OSINT‑sourced samples using LLM integrations: a .NET infostealer and a Sliver dropper that query OpenAI models for remote decision making.
  • The .NET infostealer (C# .NET Framework 4.0, ConfuserEx 2 obfuscated) collects system info, browser cookies and file listings, logs LLM outputs, and posts JSON to a default C2 URL.
  • The infostealer implements four LLM function calls (GenerateEvasionTechnique, AnalyzeTargetEnvironment (used to set sleep delay), GenerateObfuscatedCommunication, SendToC2ServerWithLLM); most outputs are only logged and not enacted.
  • The dropper gathers telemetry (process list, AV, network, USB, uptime), sends it to GPT‑4 to obtain a JSON verdict {“execute”: true/false}, and only proceeds to decrypt/launch Sliver when the LLM returns execute:true.
  • Current integrations largely amount to “AI theater” that can lower the barrier for less skilled actors, while true locally embedded models and reliable AI‑driven execution remain challenging but feasible in the future.
  • Palo Alto Networks protections (Advanced Threat Prevention, Advanced WildFire, Cortex XDR, XSIAM) and Unit 42 services are cited as defenses; indicators include multiple SHA256 hashes and a C2 URL used in the samples.

MITRE Techniques

  • [T1082] System Information Discovery – Malware collects system information, browser cookies and file listings for targeting and telemetry (‘collecting and saving data to disk, like system information, browser cookies and file listings.’)
  • [T1071] Application Layer Protocol – Stolen data and LLM‑enhanced headers are sent over HTTP to a C2 endpoint (‘sends the stolen data in JSON format to hxxp[:]//localhost:3002/crypto-data.’)
  • [T1041] Exfiltration Over C2 Channel – Data exfiltration is performed to a command-and-control server as a primary objective (‘This data is then exfiltrated to a C2 server.’)
  • [T1027] Obfuscated Files or Information – Malware queries the LLM for obfuscation techniques (e.g., ‘Base64 Encode’, ‘XOR Cipher’) though suggested techniques are not implemented (“Generate a simple obfuscation technique for data communication. Return only the technique name (max 2 words) like ‘Base64 Encode’, ‘XOR Cipher’”)
  • [T1036] Masquerading – LLM is prompted to generate evasion technique names including ‘Process Spoofing’ as a suggested evasion approach (“Examples: ‘Random Delay’, ‘Process Spoofing’, ‘Memory Obfuscation’”)
  • [T1055] Process Injection – Dropper decrypts Donut shellcode and may execute a Sliver payload (shellcode execution/loading behavior) (‘decrypts Donut shellcode, but instead of immediately executing the shellcode, this dropper uses the collected data to assess the environment’s “safety” via an LLM.’)
  • [T1497] Virtualization/Sandbox Evasion – The LLM-based safety check flags forensic/monitoring artifacts (e.g., sysmon.exe, Process Hacker) as risks to stealthy execution (‘Presence of sysmon.exe suggests potential system monitoring and could pose a risk for stealth operations.’)

Indicators of Compromise

  • [File Hash] .NET infostealer and dropper SHA256 hashes – 1b6326857fa635d396851a9031949cfdf6c806130767c399727d78a1c2a0126c, 02ce798981fb2aa68776e53672a24103579ca77a1d3e7f8aaeccf6166d1a9cc6, and 2 more hashes
  • [File Hash] Sliver dropper SHA256 – 052d5220529b6bd4b01e5e375b5dc3ffd50c4b137e242bbfb26655fd7f475ac6 (dropper sample)
  • [URL] C2 endpoint (default/local in samples) – hxxp[:]//localhost:3002/crypto-data (used for JSON exfiltration and LLM‑enhanced headers)
  • [File Names] log and executable artifacts – victim_logs.txt, opsec.log (examples of files written to disk by the infostealer and dropper)
  • [Tooling/Packers] obfuscation and loader tools – ConfuserEx 2 (obfuscator used on .NET sample), Donut shellcode (shellcode loader used by the dropper)
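
A hunting example for the indicators above, added here and not taken from the Unit 42 report: it correlates per-process telemetry so that a process is reported only when it both contacts an LLM API and matches a file or URL indicator from this page. The event schema, the sample events and the `api.openai.com` hostname are assumptions.

```python
import json
from collections import defaultdict

# Indicators taken from the IoC list on this page.
ARTIFACT_NAMES = {"victim_logs.txt", "opsec.log"}
C2_PATH = "/crypto-data"  # host in the samples is the default localhost:3002
# Assumption (not from the page): hostname of OpenAI's public API.
LLM_API_HOSTS = {"api.openai.com"}

# Constructed sample telemetry, one JSON event per line (hypothetical schema).
SAMPLE_EVENTS = """\
{"host": "ws01", "pid": 4120, "image": "upd.exe", "type": "net", "value": "api.openai.com"}
{"host": "ws01", "pid": 4120, "image": "upd.exe", "type": "file", "value": "C:/Users/a/AppData/Local/Temp/opsec.log"}
{"host": "ws02", "pid": 880, "image": "chrome.exe", "type": "net", "value": "api.openai.com"}
{"host": "ws03", "pid": 3011, "image": "svc.exe", "type": "net", "value": "API.OPENAI.COM"}
{"host": "ws03", "pid": 3011, "image": "svc.exe", "type": "file", "value": "C:/ProgramData/victim_logs.txt"}
{"host": "ws03", "pid": 3011, "image": "svc.exe", "type": "http", "value": "http://localhost:3002/crypto-data"}
{"host": "ws04", "pid": 77, "image": "notepad.exe", "type": "file", "value": "C:/tmp/opsec.log"}
"""


def hunt(lines):
    """Map (host, pid, image) -> sorted indicator tags for processes that
    contacted an LLM API and also matched a file or URL indicator."""
    seen = defaultdict(set)
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        key = (ev["host"], ev["pid"], ev["image"])
        kind, value = ev["type"], ev["value"]
        if kind == "net" and value.lower() in LLM_API_HOSTS:
            seen[key].add("llm_api")
        elif kind == "file":
            # Accept either path separator and compare the base name only.
            name = value.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if name in ARTIFACT_NAMES:
                seen[key].add("artifact:" + name)
        elif kind == "http" and C2_PATH in value.lower():
            seen[key].add("c2_url")
    # LLM traffic alone (a browser) or a file name alone is not reported.
    return {k: sorted(v) for k, v in seen.items() if "llm_api" in v and len(v) > 1}


if __name__ == "__main__":
    for proc, tags in hunt(SAMPLE_EVENTS).items():
        print(proc, tags)
```

Because the C2 URL in the samples is a localhost default, the file names and the LLM API contact are the more durable signals; the URL path is matched without the host for the same reason.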


Read more: https://unit42.paloaltonetworks.com/ai-use-in-malware/