MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dc6116deb18fa9aec4e567b26ca77b9f7681cbdb2b6f29ce1665fcfd8b8f5ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 3dc6116deb18fa9aec4e567b26ca77b9f7681cbdb2b6f29ce1665fcfd8b8f5ce
SHA3-384 hash: 706a17263bd32d3e1b23a74c1a57cf1343521dacbf746bf1283574c2fd6ba00768fe37d4f89b794468faa25f1ca0c2d6
SHA1 hash: 4aaaafbee73e9a98231cd74815cac9d70c9d1eaf
MD5 hash: a163c669174cd18fda083d8819d10e6a
humanhash: berlin-pasta-glucose-four
File name:chthonic_2.23.14.4.vir
Download: download sample
Signature Chthonic
File size:315'904 bytes
First seen:2020-07-19 16:34:14 UTC
Last seen:2020-07-19 19:09:26 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f0d45f337679ed494305bf79277892e1
ssdeep 6144:K4TP4LEvgUeUJokDR/0CMznQ2RairNUW:tj/MWUBairNUW
TLSH 8E64F11359704CE2E9B33AB1A8AB2DBC0B713C29D778449D1099FD2B76756D2103EF1A
Reporter @tildedennis
Tags:Chthonic


Twitter
@tildedennis
chthonic version 2.23.14.4

Intelligence


File Origin
# of uploads :
4
# of downloads :
18
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Graftor
Status:
Malicious
First seen:
2017-06-03 15:57:09 UTC
AV detection:
27 of 31 (87.10%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan persistence
Behaviour
Suspicious use of UnmapMainImage
Modifies Internet Explorer settings
System policy modification
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
System policy modification
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Checks whether UAC is enabled
Checks whether UAC is enabled
Deletes itself
Adds policy Run key to start application
Blacklisted process makes network request
Disables taskbar notifications via registry modification
Adds policy Run key to start application
Disables taskbar notifications via registry modification
Blacklisted process makes network request
UAC bypass
Modifies Windows Defender Real-time Protection settings
Modifies Windows Defender Real-time Protection settings
UAC bypass
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments