AI Malware ‘MalTerminal’ Uses GPT-4 for Ransomware

    Date: 03/03/2026

    Severity: High

    Summary

    MalTerminal is AI-enabled malware that calls GPT-4 at runtime to generate ransomware and other malicious code instead of carrying a fixed payload. Because each run can produce a freshly generated script, signatures and hashes derived from one payload do not reliably match the next, which undermines signature-based detection and static analysis of the generated code. The technique depends on hardcoded prompts and on reachable access to an external AI service; this marks a shift toward adaptive, AI-driven malware development, but it also introduces weaknesses tied to that API access and model dependency, since the generation step fails when the service cannot be reached. Note that the hashes below identify the known MalTerminal samples themselves, not the code they generate at runtime, so the hash queries should be paired with monitoring of outbound calls to AI service APIs from unexpected processes.

    Indicators of Compromise (IOC) List 

    Hash (MD5)

    651d69c843f827f9ed871f595ffa15e5

    636e13c7b4c334503e313d82d9f7e5a1

    f882565b93ddaf86c2e1978cad43487a

    81cd20319c8f0b2ce499f9253ce0a6a8

    3ca2eaf204611f3314d802c8b794ae2c

    40b179e334fd12241823e4ad353bb96d

    cafe08392d476a057d85de4983bac94e

    806f552041f211a35e434112a0165568

    ed229f3442f2d45f6fdd4f3a4c552c1c

    ac377e26c24f50b4d9aaa933d788c18c

    Hash (SHA1)

    b0deb274d35e0aed0669623b3575403c0ecee5f6

    5ff35cfd6d5e606baa4625609a53a551b087e241

    1022fb56fb10c232267c199a625495ab9ddba37d

    569ff9213b030ab862c5cadacaad8159a0a2c627

    cc06e6373be0a426e741f97f560d4d97a3f28dfa

    a0a7ac2316ce779700a56ea65314ff229ee5451b

    e065bec7855235dedfec5e66392b81b7a2234d0b

    f3f4c40c344695388e10cbf29ddb18ef3b61f7ef

    639dbc9b365096d6347142fcae64725bd9f73270

    24bf7b72f54aa5b93c6681b4f69e579a47d7c102

    Hash (SHA256)

    dc9f49044d16abfda299184af13aa88ab2c0fda9ca7999adcdbd44e3c037a8b1

    3082156a26534377a8a8228f44620a5bb00440b37b0cf7666c63c542232260f2

    2eb18873273e157a7244bb165d53ea3637c76087eea84b0ab635d04417ffbe1b

    384e8f3d300205546fb8c9b9224011b3b3cb71adc994180ff55e1e6416f65715

    d6af1c9f5ce407e53ec73c8e7187ed804fb4f80cf8dbd6722fc69e15e135db2e

    cf4d430d0760d59e2fa925792f9e2b62d335eaf4d664d02bff16dd1b522a462a

    a30930dfb655aa39c571c163ada65ba4dec30600df3bf548cc48bedd0e841416

    09bf891b7b35b2081d3ebca8de715da07a70151227ab55aec1da26eb769c006f

    e24fe0dd0bf8d3943d9c4282f172746af6b0787539b371e6626bdb86605ccd70

    2755e1ec1e4c3c0cd94ebe43bd66391f05282b6020b2177ee3b939fdd33216f6

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 (MD5):

    md5hash IN ("ed229f3442f2d45f6fdd4f3a4c552c1c","651d69c843f827f9ed871f595ffa15e5","f882565b93ddaf86c2e1978cad43487a","636e13c7b4c334503e313d82d9f7e5a1","3ca2eaf204611f3314d802c8b794ae2c","806f552041f211a35e434112a0165568","cafe08392d476a057d85de4983bac94e","40b179e334fd12241823e4ad353bb96d","81cd20319c8f0b2ce499f9253ce0a6a8","ac377e26c24f50b4d9aaa933d788c18c")

    Detection Query 2 (SHA1):

    sha1hash IN ("e065bec7855235dedfec5e66392b81b7a2234d0b","cc06e6373be0a426e741f97f560d4d97a3f28dfa","639dbc9b365096d6347142fcae64725bd9f73270","569ff9213b030ab862c5cadacaad8159a0a2c627","5ff35cfd6d5e606baa4625609a53a551b087e241","a0a7ac2316ce779700a56ea65314ff229ee5451b","1022fb56fb10c232267c199a625495ab9ddba37d","f3f4c40c344695388e10cbf29ddb18ef3b61f7ef","b0deb274d35e0aed0669623b3575403c0ecee5f6","24bf7b72f54aa5b93c6681b4f69e579a47d7c102")

    Detection Query 3 (SHA256):

    sha256hash IN ("3082156a26534377a8a8228f44620a5bb00440b37b0cf7666c63c542232260f2","09bf891b7b35b2081d3ebca8de715da07a70151227ab55aec1da26eb769c006f","384e8f3d300205546fb8c9b9224011b3b3cb71adc994180ff55e1e6416f65715","cf4d430d0760d59e2fa925792f9e2b62d335eaf4d664d02bff16dd1b522a462a","2eb18873273e157a7244bb165d53ea3637c76087eea84b0ab635d04417ffbe1b","e24fe0dd0bf8d3943d9c4282f172746af6b0787539b371e6626bdb86605ccd70","2755e1ec1e4c3c0cd94ebe43bd66391f05282b6020b2177ee3b939fdd33216f6","d6af1c9f5ce407e53ec73c8e7187ed804fb4f80cf8dbd6722fc69e15e135db2e","dc9f49044d16abfda299184af13aa88ab2c0fda9ca7999adcdbd44e3c037a8b1","a30930dfb655aa39c571c163ada65ba4dec30600df3bf548cc48bedd0e841416")
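    The three queries above are plain set membership on one digest field each. The following is an added example, not code from the advisory, from Rewterz, or from the Gurucul TDIR platform: a small Python IOC matcher that applies the same logic to constructed telemetry records. It sorts the advisory's hash list into MD5, SHA1 and SHA256 sets by digest length (the page lists all three under one heading), hashes a constructed file sample to show which fields a collector would populate, and flags any record whose md5hash, sha1hash or sha256hash field matches, case-insensitively. The field names are taken from the queries; the host names, paths and file contents are constructed for the example.

```python
import hashlib
import re
from typing import Dict, List, Optional, Set

# Hash IOCs copied from the advisory above; MD5, SHA1 and SHA256 are mixed, as on the page.
ADVISORY_IOCS = """
651d69c843f827f9ed871f595ffa15e5
636e13c7b4c334503e313d82d9f7e5a1
f882565b93ddaf86c2e1978cad43487a
81cd20319c8f0b2ce499f9253ce0a6a8
3ca2eaf204611f3314d802c8b794ae2c
40b179e334fd12241823e4ad353bb96d
cafe08392d476a057d85de4983bac94e
806f552041f211a35e434112a0165568
ed229f3442f2d45f6fdd4f3a4c552c1c
ac377e26c24f50b4d9aaa933d788c18c
b0deb274d35e0aed0669623b3575403c0ecee5f6
5ff35cfd6d5e606baa4625609a53a551b087e241
1022fb56fb10c232267c199a625495ab9ddba37d
569ff9213b030ab862c5cadacaad8159a0a2c627
cc06e6373be0a426e741f97f560d4d97a3f28dfa
a0a7ac2316ce779700a56ea65314ff229ee5451b
e065bec7855235dedfec5e66392b81b7a2234d0b
f3f4c40c344695388e10cbf29ddb18ef3b61f7ef
639dbc9b365096d6347142fcae64725bd9f73270
24bf7b72f54aa5b93c6681b4f69e579a47d7c102
dc9f49044d16abfda299184af13aa88ab2c0fda9ca7999adcdbd44e3c037a8b1
3082156a26534377a8a8228f44620a5bb00440b37b0cf7666c63c542232260f2
2eb18873273e157a7244bb165d53ea3637c76087eea84b0ab635d04417ffbe1b
384e8f3d300205546fb8c9b9224011b3b3cb71adc994180ff55e1e6416f65715
d6af1c9f5ce407e53ec73c8e7187ed804fb4f80cf8dbd6722fc69e15e135db2e
cf4d430d0760d59e2fa925792f9e2b62d335eaf4d664d02bff16dd1b522a462a
a30930dfb655aa39c571c163ada65ba4dec30600df3bf548cc48bedd0e841416
09bf891b7b35b2081d3ebca8de715da07a70151227ab55aec1da26eb769c006f
e24fe0dd0bf8d3943d9c4282f172746af6b0787539b371e6626bdb86605ccd70
2755e1ec1e4c3c0cd94ebe43bd66391f05282b6020b2177ee3b939fdd33216f6
"""

# Hex-digest length -> algorithm. Anything else is not a usable hash IOC.
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}
HEX_RE = re.compile(r"^[0-9a-f]+$")
# Event field -> algorithm, taken from Detection Queries 1-3.
QUERY_FIELDS = (("md5hash", "md5"), ("sha1hash", "sha1"), ("sha256hash", "sha256"))


def classify_hash(value: str) -> Optional[str]:
    """Return "md5", "sha1" or "sha256" for a hex digest of that length, else None."""
    v = value.strip().lower()
    return HEX_LEN_TO_ALGO.get(len(v)) if HEX_RE.match(v) else None


def load_iocs(text: str) -> Dict[str, Set[str]]:
    """Split a flat hash list into per-algorithm sets, lower-cased for matching."""
    iocs: Dict[str, Set[str]] = {algo: set() for algo in HEX_LEN_TO_ALGO.values()}
    for line in text.splitlines():
        algo = classify_hash(line)
        if algo:
            iocs[algo].add(line.strip().lower())
    return iocs


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digest file contents with the three algorithms, keyed by the query field names."""
    return {field: getattr(hashlib, algo)(data).hexdigest() for field, algo in QUERY_FIELDS}


def match_event(event: Dict[str, str], iocs: Dict[str, Set[str]]) -> Optional[str]:
    """Return the first query field whose value is an IOC, or None.
    Same semantics as the three queries: any one digest field in its set is a hit."""
    for field, algo in QUERY_FIELDS:
        value = event.get(field, "").strip().lower()
        if value and value in iocs[algo]:
            return field
    return None


def scan_events(events: List[Dict[str, str]], iocs: Dict[str, Set[str]]) -> List[Dict[str, str]]:
    """Return the events that hit at least one query, annotated with the matching field."""
    hits = []
    for event in events:
        field = match_event(event, iocs)
        if field:
            hits.append({**event, "matched_field": field})
    return hits


# Constructed telemetry, not real data: ws-01 reports an advisory MD5, ws-02 an advisory
# SHA256 in upper case (case must not matter), ws-03 the digests of a constructed benign file.
SAMPLE_EVENTS = [
    {"host": "ws-01", "path": r"C:\Users\a\Downloads\setup.exe",
     "md5hash": "651d69c843f827f9ed871f595ffa15e5"},
    {"host": "ws-02", "path": r"C:\Temp\m.exe",
     "sha256hash": "DC9F49044D16ABFDA299184AF13AA88AB2C0FDA9CA7999ADCDBD44E3C037A8B1"},
    {"host": "ws-03", "path": "/tmp/notes.txt", **hash_bytes(b"constructed benign file\n")},
]

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS, load_iocs(ADVISORY_IOCS)):
        print(f"{hit['host']}: {hit['path']} matched on {hit['matched_field']}")
```

    Running the script reports ws-01 and ws-02 and stays silent on ws-03. Normalising case before comparison matters in practice because different collectors emit upper- or lower-case digests, and a query that compares raw strings silently misses half of them. Keep in mind what a hit means here: it identifies one of the catalogued MalTerminal samples, not the ransomware the sample generates through the model at runtime, which will hash differently on every run.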

    Reference:

    https://rewterz.com/threat-advisory/ai-malware-malterminal-uses-gpt-4-for-ransomware-active-iocs


    Tags

    Malware, AI, Ransomware
