MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ec112046c09ca54b9f8f4e63583f3688612ed3721dc676f6849d62e1b7584cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5ec112046c09ca54b9f8f4e63583f3688612ed3721dc676f6849d62e1b7584cc
SHA3-384 hash: 1454b772b752ce0bf3cca1c6b7586c45044a668194803f763d592f151e3df89ad347792ea5a93e15ff834d14909d2242
SHA1 hash: 88308b5ec22c319a51d8077346b9006673af5891
MD5 hash: c1d9f6c4c84646573f8f18337013fa76
humanhash: king-low-robin-zulu
File name:5ec112046c09ca54b9f8f4e63583f3688612ed3721dc676f6849d62e1b7584cc
Download: download sample
File size:167'936 bytes
First seen:2020-10-04 16:32:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fcb00ff7789abce7ee6b60e23e5f1270
ssdeep 3072:FVMdMidQRadkWH7mRdmzaWb8gV6vTNHh4McvT:D4aRKHsdmuW4vTFGvvT
Threatray 2'489 similar samples on MalwareBazaar
TLSH D4F3052A59BE1B2BD170C7F2CFF5E0A7B880D17634119D6329BB971645278137A8323E
Reporter tildedennis
Tags:Chthonic


Avatar
tildedennis
chthonic version 2.4.11.0

Intelligence

File Origin
# of uploads :
1
# of downloads :
154
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/67994/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Launching a process
Creating a file
Windows shutdown
Possible injection to a system process
Unauthorized injection to a system process
Hiding the taskbar notifications
Hiding the Action Center notifications
Blocking the User Account Control
Blocking the Windows Security Center launch
Blocking Windows Firewall launch
Disabling the operating system update service
Enabling autorun
Deleting of the original file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/480902
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Creates an undocumented autostart registry key
Deletes itself after installation
Detected unpacking (changes PE section rights)
Disables the phishing filter of internet explorer 8
Hides that the sample has been downloaded from the Internet (zone.identifier)
Hides the Windows control panel from the task bar
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5ec112046c09ca54b9f8f4e63583f3688612ed3721dc676f6849d62e1b7584cc/
Threat name:
Win32.Infostealer.PonyStealer
Create hunting rule
Status:
Malicious
First seen:
2015-09-19 22:45:40 UTC
AV detection:
31 of 42 (73.81%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
033d1c64c903216b32c03af9406373ab18aff0192e2b0181a5ac5733bbd94238
248ba6c5364fce23c229d458ec8ad46acf075e11eaf81baa4f44b2b9acc3b88d
4dc38cd2854259162ce68bb83f6ce11a755aa96aeba2134cdd18fd69720bece0
5ae1e20709a0557d7d4a90411f73981934d2184d4e6ee18c8a2cfe81a2381452
60201a00a9f96b8efea761e31e3483a7a5bfd04ad66f766b3dd7b24e00664069
65ecab5671e5b48be60d384016646e40ba26723d68140a9a28663c4238883976
7294bdc3333d08ac9c2397b3555c0126928c13600b23de09f21841cfee83f55a
c3afc46062e988f282b2f82566de29da21a7d37d3e2ebdbb4097a8f23f5e9309
f13e6a63744c56a4815ebc9421b869c5a30a539a4053a6bf057f98cf79c06ed5
fe0e6e3be607ade9869e9d5a06c87f2485aaf35a29691f74354d7e6a386e711a
+ 2'479 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence evasion trojan
Link:
https://tria.ge/reports/201004-sw14dw1e46/
Behaviour
Modifies Internet Explorer Phishing Filter
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Adds policy Run key to start application
Disables taskbar notifications via registry modification
UAC bypass
Unpacked files
SH256 hash:
5ec112046c09ca54b9f8f4e63583f3688612ed3721dc676f6849d62e1b7584cc
MD5 hash:
c1d9f6c4c84646573f8f18337013fa76
SHA1 hash:
88308b5ec22c319a51d8077346b9006673af5891
Link:
https://www.unpac.me/results/a8180f45-c238-41e5-803c-cfaf85f69200/
SH256 hash:
3b651f09bf11d8a140be824712ef60752a54d1ad9b58f8f7b80e937f4049dd55
MD5 hash:
4b2d8b17223c32bdd38f377ecc68cf5d
SHA1 hash:
9300a1224777d7ea2cbd34908c13b070e703a8b7
Link:
https://www.unpac.me/results/a8180f45-c238-41e5-803c-cfaf85f69200/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5ec112046c09ca54b9f8f4e63583f3688612ed3721dc676f6849d62e1b7584cc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/chthonic/
Cape
Cape
https://www.capesandbox.com/analysis/67994/

Comments