MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f12c0d7410edaa780e6b954b5177e9dfec5ad890d58cb64b97d6dca9722fa2d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: 7f12c0d7410edaa780e6b954b5177e9dfec5ad890d58cb64b97d6dca9722fa2d
SHA3-384 hash: 9f4232de6af3763e7310bd1252309eabe5efcff6b51f1e377aea9b80f203b135f8836d99ab2df65b431c6116683cd10a
SHA1 hash: a1285e8adee08135b3bdd778581e60a9d83af523
MD5 hash: e2f95e7cb5c8118b3db4515028addb1c
humanhash: fix-skylark-uncle-alabama
File name:chthonic_2.0.6.0.vir
Download: download sample
Signature Chthonic
File size:106'496 bytes
First seen:2020-07-19 17:24:52 UTC
Last seen:2020-07-19 19:17:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 497d17c6d35f91c67fd7c26ca538d225
ssdeep 1536:fmQjKFkN+Wy6KK3x/AJUeFn03W1kMNMEPwz7ir9xEcmVE9l8edy6KYJ:eWkkN+ZK3x/AJuCkYM8wz7ExEcr5iYJ
TLSH D2A34A92E57CBDB1C5098F7248F9336BA613B1382C015E0AEA9D12575DBC781BB137CA
Reporter @tildedennis
Tags:Chthonic


Twitter
@tildedennis
chthonic version 2.0.6.0

Intelligence


File Origin
# of uploads :
2
# of downloads :
20
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name:
Win32.Trojan.Wauchos
Status:
Malicious
First seen:
2014-11-29 06:46:00 UTC
AV detection:
23 of 29 (79.31%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan persistence
Behaviour
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of SetWindowsHookEx
System policy modification
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Drops file in Program Files directory
Drops file in Program Files directory
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Checks whether UAC is enabled
Identifies Wine through registry keys
Identifies Wine through registry keys
Blacklisted process makes network request
Disables taskbar notifications via registry modification
Adds policy Run key to start application
Adds policy Run key to start application
Disables taskbar notifications via registry modification
Blacklisted process makes network request
Modifies visiblity of hidden/system files in Explorer
UAC bypass
Modifies visiblity of hidden/system files in Explorer
UAC bypass
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments