MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b9a8fa88eb68e5b46666e38e99863c886e4e1c4d2cf6a04e0dd8416375c859c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 5b9a8fa88eb68e5b46666e38e99863c886e4e1c4d2cf6a04e0dd8416375c859c
SHA3-384 hash: 3e60e4c27b9c1dd31fba73672eab438a9b2010d5a1b77593670f1272a39fe6180a4028187c3f893af88bfb18ec8e156f
SHA1 hash: c4aa5e22525a4c05df2dded4ce8b4adf731b4df0
MD5 hash: c4af7ce037b81fb9dfe9bec845cc671e
humanhash: asparagus-paris-don-texas
File name:chthonic_2.3.4.0.vir
Download: download sample
Signature Chthonic
File size:131'072 bytes
First seen:2020-07-19 19:23:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 000ebed506fd055a05828b89e89a7b50
ssdeep 3072:tWNo5NtFkyULGErnoqUvIntEjAvgQCV5:tWNcNL1ULGEejAvgtV
TLSH 52D36B017DD96CD1CBB1A7744C66CE2A1B34FD148F404E5FA547361928AFEA2B343EA8
Reporter @tildedennis
Tags:Chthonic


Twitter
@tildedennis
chthonic version 2.3.4.0

Intelligence


File Origin
# of uploads :
1
# of downloads :
18
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.phis.evad
Score:
100 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Inject
Status:
Malicious
First seen:
2015-03-07 00:33:00 UTC
AV detection:
20 of 24 (83.33%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan persistence
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
System policy modification
Modifies Internet Explorer settings
Modifies Internet Explorer settings
System policy modification
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Checks whether UAC is enabled
Deletes itself
Deletes itself
Adds policy Run key to start application
Disables taskbar notifications via registry modification
Adds policy Run key to start application
Disables taskbar notifications via registry modification
UAC bypass
UAC bypass
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments