MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b9a8fa88eb68e5b46666e38e99863c886e4e1c4d2cf6a04e0dd8416375c859c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Chthonic

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	5b9a8fa88eb68e5b46666e38e99863c886e4e1c4d2cf6a04e0dd8416375c859c
SHA3-384 hash:	3e60e4c27b9c1dd31fba73672eab438a9b2010d5a1b77593670f1272a39fe6180a4028187c3f893af88bfb18ec8e156f
SHA1 hash:	c4aa5e22525a4c05df2dded4ce8b4adf731b4df0
MD5 hash:	c4af7ce037b81fb9dfe9bec845cc671e
humanhash:	asparagus-paris-don-texas
File name:	chthonic_2.3.4.0.vir
Download:	download sample
Signature	Chthonic Create hunting rule
File size:	131'072 bytes
First seen:	2020-07-19 19:23:25 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	000ebed506fd055a05828b89e89a7b50 (1 x Chthonic)
ssdeep	3072:tWNo5NtFkyULGErnoqUvIntEjAvgQCV5:tWNcNL1ULGEejAvgtV
Threatray	654 similar samples on MalwareBazaar
TLSH	52D36B017DD96CD1CBB1A7744C66CE2A1B34FD148F404E5FA547361928AFEA2B343EA8
Reporter	tildedennis
Tags:	Chthonic

tildedennis

chthonic version 2.3.4.0

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28141/

Detection(s):

SecuriteInfo.com.Downloader.Small.NQS.21152.17836.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Reading critical registry keys

Creating a file

Deleting a recently created file

Reading Telegram data

Running batch commands

Creating a process with a hidden window

Launching a process

Sending a TCP request to an infection source

Stealing user critical data

Result

Threat name:

Unknown

Detection:

malicious

Classification:

rans.phis.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/390137

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5b9a8fa88eb68e5b46666e38e99863c886e4e1c4d2cf6a04e0dd8416375c859c/

Threat name:

Win32.Backdoor.Andromeda

Status:

Malicious

First seen:

2015-03-07 00:33:00 UTC

AV detection:

38 of 48 (79.17%)

Threat level:

5/5

Verdict:

malicious

Result

Malware family:

n/a

Score:

10/10

Tags:

evasion trojan persistence

Link:

https://tria.ge/reports/200719-e991fny2k6/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

System policy modification

Modifies Internet Explorer settings

System policy modification

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetThreadContext

Checks whether UAC is enabled

Deletes itself

Adds policy Run key to start application

Disables taskbar notifications via registry modification

Adds policy Run key to start application

Disables taskbar notifications via registry modification

UAC bypass

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5b9a8fa88eb68e5b46666e38e99863c886e4e1c4d2cf6a04e0dd8416375c859c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/chthonic/

Cape

https://www.capesandbox.com/analysis/28141/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample