MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46731281d5af0a524cbc8e459d1a5cd56b64caa9aec824902e53dfb9ccc021df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 46731281d5af0a524cbc8e459d1a5cd56b64caa9aec824902e53dfb9ccc021df
SHA3-384 hash: abda015a642bcaa34a91ccd9e319a597f488083077b79a4008fb0cc4db65245eca8cc6e32c8af1cff88e5afdebb7e130
SHA1 hash: 3df96a679207e82599fac13d707d98829ebd69a3
MD5 hash: 3e20db8b47324b00afb542603e7ea98f
humanhash: mars-double-sad-utah
File name:chthonic_2.4.22.0.vir
Download: download sample
Signature Chthonic
File size:192'512 bytes
First seen:2020-07-19 19:31:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b11aee69b0e913335623932dedcd75e5
ssdeep 3072:dzaOOOOOOOOOOOOOOQgGuq1b4KJObQ0c/2IbVo0HJSf1PKWsM0HJS:dzaOOOOOOOOOOOOOOtqt8bQ0e2IBoxNN
TLSH CD14F47D61B82B5BD0F255787AEA58C2FF15FB0333459C6D708F07562B6EA02BCA1029
Reporter @tildedennis
Tags:Chthonic


Twitter
@tildedennis
chthonic version 2.4.22.0

Intelligence


File Origin
# of uploads :
1
# of downloads :
18
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis.evad
Score:
100 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Blocker
Status:
Malicious
First seen:
2015-11-22 00:00:00 UTC
AV detection:
30 of 31 (96.77%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan persistence
Behaviour
System policy modification
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Checks whether UAC is enabled
Deletes itself
Deletes itself
Adds policy Run key to start application
Disables taskbar notifications via registry modification
Disables taskbar notifications via registry modification
Adds policy Run key to start application
UAC bypass
UAC bypass
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments