MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5124f1b8847074cf927f1fe6dec6657a3a50c32e924f7ff915c926604c207b25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Chthonic


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5124f1b8847074cf927f1fe6dec6657a3a50c32e924f7ff915c926604c207b25
SHA3-384 hash: ba66dc0dfd241ddce15205f3ed676f99cd8339bb858eb31012a0c478865419ab8673c0617c8eaf98ad97d81cb3ef8e0d
SHA1 hash: 71323430b7752734c495e1bbb42889ebc041a5c8
MD5 hash: c73bb0ecba9a48fa54ce209becf415a1
humanhash: kitten-beer-tennis-oscar
File name:chthonic_2.23.14.3.vir
Download: download sample
Signature Chthonic
Create hunting rule
File size:323'584 bytes
First seen:2020-07-19 17:22:52 UTC
Last seen:2020-07-19 19:16:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0a1db6d1c8cde9b3d2f768f30a81a4a8 (1 x Chthonic)
ssdeep 6144:09i0RVhkQMRO2NCDuh3rxbPYnmIeIVDCQ7ABX5T:09i0RVhkQMRO2wK3rxbmPeQDz7WX5T
Threatray 54 similar samples on MalwareBazaar
TLSH C5649E22BED2C0B3D45725B0C8A1A6656A3F7D42D7B0D3DBBB90FB1E89301E04579B52
Reporter tildedennis
Tags:Chthonic


Avatar
tildedennis
chthonic version 2.23.14.3

Intelligence

File Origin
# of uploads :
2
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/27973/
Detection(s):
SecuriteInfo.com.Pakes3_c.RDD.7077.29747.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Unauthorized injection to a recently created process
Connection attempt to an infection source
Detection:
chthonic
Create hunting rule
Link:
https://mwdb.cert.pl/sample/5124f1b8847074cf927f1fe6dec6657a3a50c32e924f7ff915c926604c207b25/
Threat name:
Win32.Trojan.Poison
Create hunting rule
Status:
Malicious
First seen:
2017-05-11 08:20:36 UTC
File Type:
PE (Exe)
Extracted files:
41
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
248ecff90346c947fda3ab80b686cdb4a3ea72ce5641a17e72b3cd48262d0b69
Chthonic
3b1309d5b6b22786209cd378d53cccc323b33ae5e75dac3e07e53b32c46e67d3
Chthonic
9d4746373e81656ca55f49d1b2c93f5d9358bf3c6a31e1a9ae606f26ba273dca
Chthonic
a2e7dd2a1d4dfada76d1cb58d0736805e8372789de39e317a8edb34a313a039c
Chthonic
ac8006c65da9bfedca11b142c2b4cd176c1559e55aef528155136f513abc4494
Chthonic
bbeaa86003be4d14ff5643c47d20ca8a44e4d7e655bda8a93439fbe7dd4e9066
Chthonic
c79649b70f1680062355e956dcabe0fa2ecb58faf5c22d4454a3dbb67e1db6b7
Chthonic
e582fa83c76a826ea19fa01000c0b79ba318802a53c62fc6e8abeec598d9d34c
Chthonic
ebcb76212a57b469c83b1893f3b22c4199e8726495b057e2c45b3ce146f8d4cc
Chthonic
fd224776b4fb97e51e1d9071c78e506a40c3973e5552ec1ae756fa370363b59d
Chthonic
+ 44 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence evasion trojan
Link:
https://tria.ge/reports/200719-5a64trasxj/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
System policy modification
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
System policy modification
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Checks whether UAC is enabled
Checks whether UAC is enabled
Blacklisted process makes network request
Disables taskbar notifications via registry modification
Adds policy Run key to start application
Blacklisted process makes network request
Disables taskbar notifications via registry modification
Adds policy Run key to start application
UAC bypass
Modifies Windows Defender Real-time Protection settings
Modifies Windows Defender Real-time Protection settings
UAC bypass
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5124f1b8847074cf927f1fe6dec6657a3a50c32e924f7ff915c926604c207b25

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/chthonic/
Cape
Cape
https://www.capesandbox.com/analysis/27973/

Comments