MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 910bd288e7777b7d3df9b81e3e7527b73a3c5383c5d2aa5789e8a1ca90cc287e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 910bd288e7777b7d3df9b81e3e7527b73a3c5383c5d2aa5789e8a1ca90cc287e
SHA3-384 hash: 293222a4a09e2574be102ac6d67e807b589e17531e9ea37a4e526b85d47389592ff07e847ec78fdf79c55496c459191d
SHA1 hash: 93efa0670ef341c0e51a9b146410f69a9199e69d
MD5 hash: 334a321d1771607ef73d2a1eb2216a77
humanhash: green-river-eighteen-ack
File name: chthonic_2.4.3.0.vir
Download: download sample
Signature: Chthonic
File size: 225'280 bytes
First seen: 2020-07-19 19:28:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 17f3331ecb4ce7c6c821281026453a1a
ssdeep: 3072:66cqeseH+5haJ+zXBZxovR5agsEMR5AR0E5Gna/JsjZNZdIGc/A94Ee1Jic3EkSo:66cq9eH+5ym5oZ6EM7rE4nSJsw9td
TLSH: 6224E123993D9D51C5F146380CF21D760E1EF90BFC4058E76A02BE585A2AB526BE3F1E
Reporter: @tildedennis
Tags: Chthonic


Twitter
@tildedennis: chthonic version 2.4.3.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 17
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Creating a process from a recently created file
Launching a process
Deleting a recently created file
Windows shutdown
Possible injection to a system process
Unauthorized injection to a recently created process
Unauthorized injection to a recently created process by context flags manipulation
Unauthorized injection to a system process
Hiding the taskbar notifications
Hiding the Action Center notifications
Blocking the User Account Control
Blocking the Windows Security Center launch
Blocking Windows Firewall launch
Disabling the operating system update service
Enabling autorun
Result
Threat name: Unknown
Detection: malicious
Classification: phis.evad
Score: 100 / 100
Behaviour
Behavior Graph (ID: 247309; sample: chthonic_2.4.3.0.vir; start date: 20/07/2020; architecture: WINDOWS; score: 100)

Sample-level signatures:
- Antivirus detection for dropped file
- Antivirus / Scanner detection for submitted sample
- Multi AV Scanner detection for dropped file
- 3 other signatures

Process chain:
- chthonic_2.4.3.0.exe (started)
  - DNS/IP: 2.4.3.0, FranceTelecom-OrangeFR, France
  - Detected unpacking (changes PE section rights)
  - Detected unpacking (overwrites its own PE header)
  - Contains functionality to identify kernel process list (PsInitialSystemProcess)
- chthonic_2.4.3.0.exe (child process)
  - Dropped: C:\Users\user\Desktop\setap.exe, PE32
  - Sleep loop found (likely to delay execution)
  - Hides that the sample has been downloaded from the Internet (zone.identifier)
- setap.exe (started)
  - Antivirus detection for dropped file
  - Multi AV Scanner detection for dropped file
  - Detected unpacking (changes PE section rights)
  - Machine Learning detection for dropped file
- setap.exe (child process)
  - Writes to foreign memory regions
- msiexec.exe (started)
  - Dropped: C:\ProgramData\googlebehaviorgraphooglexpers.exe, PE32
  - Creates an undocumented autostart registry key
  - Hides the Windows control panel from the task bar
  - Disables UAC (registry)
  - 2 other signatures
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2015-04-13 00:06:00 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: persistence evasion trojan
Behaviour
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Loads dropped DLL
Adds policy Run key to start application
Executes dropped EXE
Disables taskbar notifications via registry modification
UAC bypass
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments