MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45167945141c95c5a012feeb0fcfc6667fc43e781cd9e43ab0be4bcc1b9ed6b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 45167945141c95c5a012feeb0fcfc6667fc43e781cd9e43ab0be4bcc1b9ed6b2
SHA3-384 hash: 5eeb424253782f813cebb9375f21e93e9697714b98e2f1ca875bf1d85327e5ad4273cb5fa8c1b38d01df104fac8db699
SHA1 hash: 555d9c19b2a56ff085582b6a08131de0bd0a010b
MD5 hash: acc02f42f2a109e71906d07f4d6f59c8
humanhash: earth-sink-undress-item
File name:chthonic_2.23.12.5.vir
Download: download sample
Signature Chthonic
File size:180'224 bytes
First seen:2020-07-19 17:24:28 UTC
Last seen:2020-07-19 19:17:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash fa9b378bdf1c212e52bc30b07cd194bd
ssdeep 3072:aV2KsqV/F9UNEZiZKOqQKwZ4VUomPzN0bl+0u9DWn4WjE5y8Mpta:a4L8gOZYQVIzN0J+0uN+4WjE8Y
TLSH 6A04E02174A0C073F897827960ECCB51A767BA3007AA85937BE81FCD9970AE45737397
Reporter @tildedennis
Tags:Chthonic


Twitter
@tildedennis
chthonic version 2.23.12.5

Intelligence


File Origin
# of uploads :
2
# of downloads :
19
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Blocker
Status:
Malicious
First seen:
2017-11-22 19:22:11 UTC
AV detection:
22 of 28 (78.57%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence evasion trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
System policy modification
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
System policy modification
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Checks whether UAC is enabled
Checks whether UAC is enabled
Deletes itself
Blacklisted process makes network request
Adds policy Run key to start application
Disables taskbar notifications via registry modification
Blacklisted process makes network request
Adds policy Run key to start application
Disables taskbar notifications via registry modification
UAC bypass
Modifies Windows Defender Real-time Protection settings
Modifies Windows Defender Real-time Protection settings
UAC bypass
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments