MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 910bd288e7777b7d3df9b81e3e7527b73a3c5383c5d2aa5789e8a1ca90cc287e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Chthonic


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 910bd288e7777b7d3df9b81e3e7527b73a3c5383c5d2aa5789e8a1ca90cc287e
SHA3-384 hash: 293222a4a09e2574be102ac6d67e807b589e17531e9ea37a4e526b85d47389592ff07e847ec78fdf79c55496c459191d
SHA1 hash: 93efa0670ef341c0e51a9b146410f69a9199e69d
MD5 hash: 334a321d1771607ef73d2a1eb2216a77
humanhash: green-river-eighteen-ack
File name:chthonic_2.4.3.0.vir
Download: download sample
Signature Chthonic
Create hunting rule
File size:225'280 bytes
First seen:2020-07-19 19:28:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 17f3331ecb4ce7c6c821281026453a1a (1 x Chthonic)
ssdeep 3072:66cqeseH+5haJ+zXBZxovR5agsEMR5AR0E5Gna/JsjZNZdIGc/A94Ee1Jic3EkSo:66cq9eH+5ym5oZ6EM7rE4nSJsw9td
Threatray 146 similar samples on MalwareBazaar
TLSH 6224E123993D9D51C5F146380CF21D760E1EF90BFC4058E76A02BE585A2AB526BE3F1E
Reporter tildedennis
Tags:Chthonic


Avatar
tildedennis
chthonic version 2.4.3.0

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Inject2.BXUE.12885.10216.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Creating a process from a recently created file
Launching a process
Deleting a recently created file
Windows shutdown
Possible injection to a system process
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Unauthorized injection to a system process
Hiding the taskbar notifications
Hiding the Action Center notifications
Blocking the User Account Control
Blocking the Windows Security Center launch
Blocking Windows Firewall launch
Disabling the operating system update service
Enabling autorun
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/390253
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 247309 Sample: chthonic_2.4.3.0.vir Startdate: 20/07/2020 Architecture: WINDOWS Score: 100 41 Antivirus detection for dropped file 2->41 43 Antivirus / Scanner detection for submitted sample 2->43 45 Multi AV Scanner detection for dropped file 2->45 47 3 other signatures 2->47 9 chthonic_2.4.3.0.exe 2->9         started        process3 dnsIp4 31 2.4.3.0 FranceTelecom-OrangeFR France 9->31 59 Detected unpacking (changes PE section rights) 9->59 61 Detected unpacking (overwrites its own PE header) 9->61 63 Contains functionality to identify kernel process list (PsInitialSystemProcess) 9->63 13 chthonic_2.4.3.0.exe 1 1 9->13         started        signatures5 process6 file7 29 C:\Users\user\Desktop\setap.exe, PE32 13->29 dropped 65 Sleep loop found (likely to delay execution) 13->65 67 Hides that the sample has been downloaded from the Internet (zone.identifier) 13->67 17 setap.exe 13->17         started        signatures8 process9 signatures10 33 Antivirus detection for dropped file 17->33 35 Multi AV Scanner detection for dropped file 17->35 37 Detected unpacking (changes PE section rights) 17->37 39 Machine Learning detection for dropped file 17->39 20 setap.exe 17->20         started        process11 signatures12 49 Writes to foreign memory regions 20->49 23 msiexec.exe 8 2 20->23         started        process13 file14 27 C:\ProgramData\googlebehaviorgraphooglexpers.exe, PE32 23->27 dropped 51 Creates an undocumented autostart registry key 23->51 53 Hides the Windows control panel from the task bar 23->53 55 Disables UAC (registry) 23->55 57 2 other signatures 23->57 signatures15
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/910bd288e7777b7d3df9b81e3e7527b73a3c5383c5d2aa5789e8a1ca90cc287e/
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2015-04-13 00:06:00 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sef5fchho55x2ppzxapd45jhw45dyu4dyxjkuv4j5cq4vegmfb7a._file
Verdict:
malicious
Similar samples:
3bb1bbf49c6e224032025dc7dacb3862e8b16c8b39e5cc19c5aceda4dbc917d9
Chthonic
4480bcbacb98c86980a5d9bd9f62ccc286e2e0e3bf5696991b37720648dcb186
Chthonic
46731281d5af0a524cbc8e459d1a5cd56b64caa9aec824902e53dfb9ccc021df
Chthonic
86800df43cea1afe5f13f471dcfcc0cc6a97b253cc1082002ee9e3567e3ef571
Chthonic
a2e7dd2a1d4dfada76d1cb58d0736805e8372789de39e317a8edb34a313a039c
Chthonic
ac8006c65da9bfedca11b142c2b4cd176c1559e55aef528155136f513abc4494
Chthonic
d6324644c2a267bea0322c4f817b7a4029129e68959cdeb25f53f8e1f9ddeaad
Chthonic
e582fa83c76a826ea19fa01000c0b79ba318802a53c62fc6e8abeec598d9d34c
Chthonic
ebcb76212a57b469c83b1893f3b22c4199e8726495b057e2c45b3ce146f8d4cc
Chthonic
fd224776b4fb97e51e1d9071c78e506a40c3973e5552ec1ae756fa370363b59d
Chthonic
+ 136 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence evasion trojan
Link:
https://tria.ge/reports/200719-pqkpv47zee/
Behaviour
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
System policy modification
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Checks whether UAC is enabled
Loads dropped DLL
Adds policy Run key to start application
Executes dropped EXE
Disables taskbar notifications via registry modification
Executes dropped EXE
Adds policy Run key to start application
Disables taskbar notifications via registry modification
UAC bypass
UAC bypass
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/910bd288e7777b7d3df9b81e3e7527b73a3c5383c5d2aa5789e8a1ca90cc287e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/chthonic/
Cape
Cape
https://www.capesandbox.com/analysis/28194/

Comments