What Makes PromptLock Different?
Unlike traditional ransomware that contains pre-compiled malicious logic, PromptLock operates through dynamic code generation. The malware uses OpenAI’s gpt-oss:20b model via the Ollama API to create custom, cross-platform Lua scripts for its attack chain. This approach offers several advantages to attackers:
Dynamic Evasion: By generating code on-the-fly, PromptLock can potentially evade static analysis and signature-based detection methods that rely on known code patterns.
Cross-Platform Compatibility: The use of Lua is a strategic choice, as its lightweight and embeddable nature allows the generated scripts to run seamlessly across multiple operating systems, maximizing the malware’s potential target base.
Reduced Forensic Footprint: Since the malicious logic is generated locally rather than stored statically, traditional reverse engineering techniques may prove less effective.
Technical Analysis: The Attack Chain
PromptLock’s sophisticated attack methodology involves several stages:
1. AI-Powered System Enumeration
The malware generates Lua code to gather system parameters like OS type, username, hostname, and current working directory, with prompts specifically demanding cross-platform compatibility for Windows, Linux, and macOS.
2. Intelligent File System Inspection
The AI creates scripts to scan the local filesystem, identify target files, and analyze their contents, specifically looking for PII or sensitive information.
3. Dynamic Data Exfiltration & Encryption
Once target files are identified, the AI-generated scripts are executed to handle data exfiltration and subsequent encryption using the SPECK 128-bit block cipher.
Detection Strategies with Microsoft Defender for Endpoint
To combat this emerging threat, security teams must adapt their detection strategies. Here are targeted KQL queries for Microsoft Defender for Endpoint that can help identify PromptLock-like activities:
1. Detecting Golang-Based Executable Launches
DeviceProcessEvents
| where Timestamp > ago(30d)
| where ProcessCommandLine has_any ("go", "golang")
or FileName endswith ".go"
or InitiatingProcessVersionInfoProductName has "Go"
| where ProcessCommandLine has_any ("ollama", "api", "gpt", "llm", "model")
| project Timestamp, DeviceName, ProcessCommandLine, FileName, SHA256, AccountName
| order by Timestamp desc
2. Monitoring Network Connections to AI API Endpoints
DeviceNetworkEvents
| where Timestamp > ago(30d)
| where RemotePort in (8080, 8443, 11434) // Common Ollama ports
| where RemoteUrl has_any ("ollama", "127.0.0.1", "172.42.0", "localhost")
or RemoteIPType == "Private"
| where InitiatingProcessFileName has_any (".exe", "go", "main")
| project Timestamp, DeviceName, InitiatingProcessFileName, RemoteUrl, RemoteIP, RemotePort, LocalIP
| order by Timestamp desc
3. Detecting Lua Script Execution
DeviceProcessEvents
| where Timestamp > ago(30d)
| where ProcessCommandLine has_any ("lua", ".lua", "luac")
or FileName has_any ("lua", "luac")
| where ProcessCommandLine has_any ("enum", "scan", "crypt", "file", "system")
| project Timestamp, DeviceName, ProcessCommandLine, AccountName, SHA256
| order by Timestamp desc
4. Monitoring File System Enumeration Activities
DeviceFileEvents
| where Timestamp > ago(30d)
| where ActionType in ("FileCreated", "FileModified")
| where FileName endswith ".lua"
or FolderPath has_any ("temp", "tmp", "appdata")
| where InitiatingProcessCommandLine has_any ("scan", "enum", "gather", "collect")
| summarize FileCount = count(), UniqueFiles = dcount(FileName) by DeviceName, InitiatingProcessFileName, bin(Timestamp, 1h)
| where FileCount > 50 // Threshold for suspicious file enumeration
| order by Timestamp desc
5. Detecting Suspicious Registry Operations
DeviceRegistryEvents
| where Timestamp > ago(30d)
| where ActionType in ("RegistryValueSet", "RegistryKeyCreated")
| where RegistryKey has_any ("Software\\", "System\\", "Security\\")
| where InitiatingProcessCommandLine has_any ("lua", "script", "enum")
| project Timestamp, DeviceName, ActionType, RegistryKey, RegistryValueName, InitiatingProcessFileName
| order by Timestamp desc
6. Comprehensive PromptLock Threat Hunting Query
// Events from different tables almost never share an identical Timestamp,
// so each source is bucketed into 1-hour bins and joined on DeviceName + TimeBin.
let SuspiciousProcesses = DeviceProcessEvents
| where Timestamp > ago(7d)
| where ProcessCommandLine has_any ("ollama", "gpt", "llm", "lua")
or FileName has_any ("go", "lua")
| extend TimeBin = bin(Timestamp, 1h);
let NetworkConnections = DeviceNetworkEvents
| where Timestamp > ago(7d)
| where RemotePort in (8080, 8443, 11434)
or RemoteUrl has_any ("ollama", "127.0.0.1", "172.42.0")
| extend TimeBin = bin(Timestamp, 1h);
let FileActivities = DeviceFileEvents
| where Timestamp > ago(7d)
| where FileName endswith ".lua"
or InitiatingProcessCommandLine has "lua"
| extend TimeBin = bin(Timestamp, 1h);
SuspiciousProcesses
| join kind=inner NetworkConnections on DeviceName, TimeBin
| join kind=inner FileActivities on DeviceName, TimeBin
| project Timestamp, DeviceName, ProcessCommandLine, RemoteIP, RemotePort, FileName
| summarize Count = count() by DeviceName, bin(Timestamp, 1h)
| where Count >= 3
| order by Timestamp desc
Proactive Defense Measures
Network Monitoring
– Monitor for connections to local AI model APIs (ports 8080, 8443, 11434)
– Implement network segmentation to prevent lateral movement
– Deploy DNS monitoring for AI-related domain queries
Behavioral Analysis
– Establish baselines for normal Lua script execution
– Monitor for unusual cross-platform code generation patterns
– Implement anomaly detection for file system enumeration activities
Endpoint Protection
– Enable real-time file and registry monitoring
– Configure behavioral-based detection rules
– Implement application control policies for AI-related executables
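The behaviour chain these measures target (a connection to a local LLM API port, a .lua file written shortly afterwards, then a burst of file writes) can also be checked offline against exported telemetry. The following is an added example, not code from the original post or from Microsoft; the event layout, the allowlist, the 10-minute window, the attribution of all writes to the same process, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

OLLAMA_PORTS = {8080, 8443, 11434}           # ports named on this page
APPROVED_CLIENTS = {"ollama", "ollama.exe"}  # assumption: site allowlist
WINDOW = timedelta(minutes=10)               # assumption: correlation window
BURST = 50                                   # threshold reused from query 4

def hunt(events):
    """Return (device, process, stages) per unapproved process that hit an LLM API port."""
    by_actor = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        by_actor.setdefault((ev["device"], ev["process"]), []).append(ev)
    findings = []
    for (device, process), evs in by_actor.items():
        if process.lower() in APPROVED_CLIENTS:
            continue
        # Stage 1: first connection to an Ollama-style port.
        net = next((e for e in evs
                    if e["kind"] == "net" and e["port"] in OLLAMA_PORTS), None)
        if net is None:
            continue
        stages = ["llm_api_connection"]
        # Stage 2: the same process writes a .lua file within the window.
        lua = next((e for e in evs if e["kind"] == "file"
                    and e["path"].lower().endswith(".lua")
                    and net["time"] <= e["time"] <= net["time"] + WINDOW), None)
        if lua is not None:
            stages.append("lua_script_written")
            # Stage 3: a burst of further file writes follows the script.
            writes = [e for e in evs if e["kind"] == "file"
                      and lua["time"] < e["time"] <= lua["time"] + WINDOW]
            if len(writes) >= BURST:
                stages.append("file_write_burst")
        findings.append((device, process, stages))
    return findings

def sample_events():
    """Constructed telemetry (not real data): three actors on three hosts."""
    t0 = datetime(2025, 1, 1, 9, 0, 0)
    def ev(sec, dev, proc, kind, **kw):
        return {"time": t0 + timedelta(seconds=sec), "device": dev,
                "process": proc, "kind": kind, **kw}
    events = [ev(0, "ws-01", "updater.bin", "net", port=11434),
              ev(20, "ws-01", "updater.bin", "file", path="/tmp/a1.lua")]
    events += [ev(30 + i, "ws-01", "updater.bin", "file", path=f"/home/u/d{i}.doc")
               for i in range(60)]
    events += [ev(60, "ws-02", "ollama", "net", port=11434),    # approved client
               ev(120, "ws-03", "devtool", "net", port=11434)]  # connection only
    return events
```

Processes that reach only the first stage are still returned, so they can be reviewed and either added to the allowlist or investigated.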
The Broader Implications
As local LLMs become more powerful and accessible, security teams must prepare for a future where malware is no longer static but generated dynamically on victim machines. This shift requires:
Enhanced Detection Capabilities: Traditional signature-based detection methods will become less effective, necessitating more sophisticated behavioral and AI-powered detection systems.
Proactive Threat Hunting: Security teams must develop new hunting methodologies that focus on AI model interactions and dynamic code generation patterns.
Security Architecture Evolution: Organizations need to consider the security implications of local AI models and implement appropriate controls and monitoring.
Conclusion
PromptLock represents just the beginning of AI-powered malware evolution. While currently a proof-of-concept, its innovative approach to dynamic code generation signals a fundamental shift in the threat landscape. Security professionals must adapt their detection strategies, enhance their monitoring capabilities, and prepare for a future where artificial intelligence serves as both a powerful ally and a formidable adversary.
The key to staying ahead lies in understanding these emerging techniques, implementing comprehensive detection strategies, and continuously evolving our defensive capabilities. As we enter this new era of AI-powered threats, collaboration between security researchers, threat hunters, and technology providers becomes more critical than ever.
Indicators of Compromise (IoCs)
Malware Family: Filecoder.PromptLock.A
SHA1 Hashes:
Network Indicators:
– Local API endpoint: 172.42.0[.]253:8443
– Ollama API connections on ports 8080, 8443, 11434
Stay vigilant, stay protected.
KloudyNet