MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e86fbf5aa4f23d453805ab455d1ce53cecdf83bbdf142d995cf61290e8caab4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 0e86fbf5aa4f23d453805ab455d1ce53cecdf83bbdf142d995cf61290e8caab4
SHA3-384 hash: 791e435dcf7ac879eba635b9123a7f93ae35bc4315e46094f873090d4331ead88205017e8e4a65064681d193260ab29b
SHA1 hash: 1845a9543a84ce21532a2a5df5200fdba8db8cea
MD5 hash: a6a625b1840483a2288b7c93991a12ed
humanhash: mountain-ceiling-blossom-missouri
File name:chthonic_2.23.11.0.vir
Download: download sample
Signature Chthonic
File size:370'176 bytes
First seen:2020-07-19 17:36:56 UTC
Last seen:2020-07-19 19:21:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 433aa01ac6f49bc98330c623d3eb05f9
ssdeep 6144:UwvrBGuyPPY9rR36HHnymGl50wx7zJDwJZ7IgJDsqnM4dIeR:UwvrBGtPY9l36nnAiK7zJMnvDsyM4dIy
TLSH 4574D0397BE1D0B2C9E715F81896CB7AD979BC70277AD2077B9019ED0E20785D12232B
Reporter @tildedennis
Tags:Chthonic


Twitter
@tildedennis
chthonic version 2.23.11.0

Intelligence


File Origin
# of uploads :
2
# of downloads :
19
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis.evad
Score:
100 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Yakes
Status:
Malicious
First seen:
2016-09-29 21:51:15 UTC
AV detection:
22 of 31 (70.97%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  5/10
Tags:
persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: LoadsDriver
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Drops file in Windows directory
Modifies service
Checks whether UAC is enabled
Disables taskbar notifications via registry modification
Adds policy Run key to start application
Modifies Windows Defender Real-time Protection settings
UAC bypass
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments