MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 89b7c3305c4a45b9ef25eb9688b68744804c0beda4e884393e0f47d1b3f302eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | 89b7c3305c4a45b9ef25eb9688b68744804c0beda4e884393e0f47d1b3f302eb |
|---|---|
| SHA3-384 hash: | cc0736c2a58c36b27a81dadb30dc9199cdaccfce795da200b17ec5ec24b5d3068439e37c6d51af596852cad88d335793 |
| SHA1 hash: | ec800fe0106148a81dd67f6cded226bf42749b39 |
| MD5 hash: | 0b792bed7dcf7fcbf2a37916da044610 |
| humanhash: | coffee-florida-tennessee-autumn |
| File name: | 89b7c3305c4a45b9ef25eb9688b68744804c0beda4e884393e0f47d1b3f302eb |
| File size: | 163'840 bytes |
| First seen: | 2020-10-04 16:36:20 UTC |
| Last seen: | 2020-10-04 17:36:29 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | e1ad6464572cfb66df8f36f03c295e11 |
| ssdeep | 3072:tCRyhifpOkVS5qWJc2P1msvovnPm+SYDe3pNozd0:t6yhEix4QpNozd |
| Threatray | 2'318 similar samples on MalwareBazaar |
| TLSH | 5DF31A3E4ABC9E29D1B4D6758BC04427B884C53B740159136ECBDB2A87B2E6672D312F |
| Reporter | |
| Tags: | Chthonic |
Intelligence
File Origin
| # of uploads: | 2 |
|---|---|
| # of downloads: | 154 |
| Origin country: | n/a |
Vendor Threat Intelligence
Detection: n/a
Result
| Verdict: | Malware |
|---|---|
| Maliciousness: | |
Behaviour
Creating a window
Sending a UDP request
Unauthorized injection to a recently created process
Launching a process
Creating a file
Windows shutdown
Possible injection to a system process
Unauthorized injection to a system process
Hiding the taskbar notifications
Hiding the Action Center notifications
Blocking the User Account Control
Blocking the Windows Security Center launch
Blocking Windows Firewall launch
Disabling the operating system update service
Enabling autorun
Deleting of the original file
Result
| Threat name: | Unknown |
|---|---|
| Detection: | malicious |
| Classification: | rans.phis.evad |
| Score: | 100 / 100 |
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Creates an undocumented autostart registry key
Deletes itself after installation
Detected unpacking (changes PE section rights)
Disables the phishing filter of internet explorer 8
Hides that the sample has been downloaded from the Internet (zone.identifier)
Hides the Windows control panel from the task bar
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Potential malicious icon found
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Writes to foreign memory regions
Behaviour
Behavior Graph:
| Threat name: | Win32.Infostealer.PonyStealer |
|---|---|
| Status: | Malicious |
| First seen: | 2015-10-01 14:21:00 UTC |
| AV detection: | 25 of 31 (80.65%) |
| Threat level: | 5/5 |
| Verdict: | suspicious |
| Similar samples: | + 2'308 additional samples on MalwareBazaar |
Result
| Malware family: | n/a |
|---|---|
| Score: | 10/10 |
| Tags: | evasion trojan persistence |
Behaviour
Modifies Internet Explorer Phishing Filter
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Adds policy Run key to start application
Disables taskbar notifications via registry modification
UAC bypass
Unpacked files
| SHA256 hash: | MD5 hash: | SHA1 hash: |
|---|---|---|
| 89b7c3305c4a45b9ef25eb9688b68744804c0beda4e884393e0f47d1b3f302eb | 0b792bed7dcf7fcbf2a37916da044610 | ec800fe0106148a81dd67f6cded226bf42749b39 |
| 450dd0b1af1f1872a948caa75f20278182cef570fe463cbb31e483b6cc6336fd | 7ba35970165e1f26d0098697f15425ca | 64e854acde7222169338432d9b06ebaacd598909 |
Please note that we are no longer able to provide a coverage score for Virus Total.
| Threat name: | Scar |
|---|---|
| Score: | 1.00 |
File information
The table below shows additional information about this malware sample such as delivery method and external references.