MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b1309d5b6b22786209cd378d53cccc323b33ae5e75dac3e07e53b32c46e67d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Chthonic

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	3b1309d5b6b22786209cd378d53cccc323b33ae5e75dac3e07e53b32c46e67d3
SHA3-384 hash:	29dd26fdf8a1a3022439cbda7f7e5f67ec823de5ffe27c5bd4381aef77e7a3984b3f0e7d675d5711b7f36c0e8fa07980
SHA1 hash:	2fb58a0dc16c9bdc697bf1078f63c657e600faf2
MD5 hash:	43307a5a45b5a74e9270b5b3d4c67137
humanhash:	fruit-washington-island-william
File name:	chthonic_2.23.14.2.vir
Download:	download sample
Signature	Chthonic Create hunting rule
File size:	204'800 bytes
First seen:	2020-07-19 17:20:11 UTC
Last seen:	2020-07-19 19:15:10 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	fa3bf5edae31665b6a160c86358deb7c (1 x Chthonic)
ssdeep	3072:lAeWrQkWKONMm2nL1W4XBGqaB3+EZ9Fulf4jKmJy6t:lAeWcqm25WOGMEZ9Fs4O
Threatray	65 similar samples on MalwareBazaar
TLSH	2614BEA375B0C4B2E403013568AACBB55277AD3137667C122FD47E5E9A306DC8B7A34B
Reporter	tildedennis
Tags:	Chthonic

tildedennis

chthonic version 2.23.14.2

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/27959/

Detection(s):

Win.Trojan.NeutrinoPOS-6333858-3

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/389865

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3b1309d5b6b22786209cd378d53cccc323b33ae5e75dac3e07e53b32c46e67d3/

Threat name:

Win32.Hacktool.CeeInject

Status:

Malicious

First seen:

2017-04-22 19:57:36 UTC

AV detection:

29 of 31 (93.55%)

Threat level:

1/5

Verdict:

malicious

Result

Malware family:

n/a

Score:

10/10

Tags:

evasion trojan persistence

Link:

https://tria.ge/reports/200719-gg448y69vj/

Behaviour

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

System policy modification

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

System policy modification

Modifies Internet Explorer settings

Checks whether UAC is enabled

Deletes itself

Adds policy Run key to start application

Disables taskbar notifications via registry modification

Blacklisted process makes network request

Adds policy Run key to start application

Disables taskbar notifications via registry modification

Blacklisted process makes network request

UAC bypass

Modifies Windows Defender Real-time Protection settings

UAC bypass

Modifies Windows Defender Real-time Protection settings

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/3b1309d5b6b22786209cd378d53cccc323b33ae5e75dac3e07e53b32c46e67d3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/chthonic/

Cape

https://www.capesandbox.com/analysis/27959/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample