MalTerminal
MalTerminal is an early proof-of-concept LLM-enabled malware prototype, described by SentinelLABS as potentially the earliest known malware to generate malicious payloads at runtime. It was presented at LABScon 2024 and later discussed in SentinelLABS research on hunting LLM-enabled malware. The malware uses OpenAI GPT-4 via a hardcoded API key and a deprecated chat completions endpoint, indicating the sample was likely written before early November 2023. Identified artifacts include a compiled Python2EXE sample named MalTerminal.exe and related Python scripts such as testAPI.py and TestMal2.py.
When executed, MalTerminal offers an operator a choice between generating ransomware functionality or a reverse shell. It sends requests to a GPT-4 endpoint and dynamically generates malicious code in memory, including encryption, exfiltration, or reverse-shell logic, without needing to write the generated payload to disk. This runtime code-generation model was highlighted as complicating traditional static signature-based detection.
The malware is characterized in the source material as experimental and Level 1 (Experimenting) under the AIM3 maturity model. It is described as an LLM-driven ransomware and remote-access-tool concept in which AI is primarily used for code generation in response to human prompts. SentinelLABS also cited it as an example of the broader 'prompts-as-code' pattern, where prompts and API keys are embedded directly into malware.
There is no high-confidence reporting in the provided content that MalTerminal was deployed in the wild, sold, or operationally used by a known threat actor. The content instead consistently frames it as a prototype or PoC. Related variants such as TestMal3.py and Defe.py were described as defensive tools under the name FalconShield that asked GPT to assess whether Python code was malicious.
Hunt this family in your stack
Mallory pivots from this family to the IOCs, detections, and named campaigns that touch your stack, and pages you when something new lands.
Techniques & procedures
3 distinct techniques documented for this family, organized by ATT&CK tactic.
Execution
1 technique
Execution
Exfiltration
1 technique
Exfiltration
Impact
1 technique
Impact
IOCs tracked for this family
15 indicators attributed across vendor reports, sandbox runs, and researcher write-ups. Full values are available in Mallory.
File hashes (MD5, SHA-1, SHA-256) from samples and reports.
Recent activity
10 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
AI-enabled malware that uses OpenAI GPT-4 via a hardcoded API key to generate reverse shells or ransomware at runtime.
AI-powered malware that dynamically generates malicious payloads at runtime by querying a GPT-4 endpoint. It can produce either ransomware functionality or a reverse shell, with encryption and exfiltration code generated in memory to reduce disk artifacts.
LLM-enabled malware that can generate ransomware and reverse-shell functionality (as described in the title/summary).
A proof-of-concept tool demonstrating embedding LLM prompts/API keys into code to enable runtime LLM usage for generating or adapting malicious capabilities.
The version that knows your environment.
Match every observed IP, domain, and hash against your live telemetry.
Named campaigns wielding this family, with evidence pinned to each claim.
CVEs this family uses for access and lateral movement.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Every documented technique, ranked by evidence weight.
Reddit, Mastodon, and CTI community discussion around this family.