MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95f698955cf8a1adf8991085da2c45f4441e0423b7db42aae3dc0dd6c4dfaa28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 95f698955cf8a1adf8991085da2c45f4441e0423b7db42aae3dc0dd6c4dfaa28
SHA3-384 hash: 7f458e1d9f940c360f6e9f3d81bd6f8e7bd51cf89f8a4bd2d15bf52d9cd7f9b35c75f7f2f7ec360c21337831708a08ec
SHA1 hash: 0d688c4a150368ba01513aa816ff524d223aaa79
MD5 hash: 4fedceb3fef8b8addd7b34b3cae72700
humanhash: single-princess-wolfram-louisiana
File name: chthonic_1.0.0.0.vir
Signature: Chthonic
File size: 110'592 bytes
First seen: 2020-07-19 19:42:20 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a782eae7bc06846f65e7da3c5e622125
ssdeep: 1536:t6QL7x7mtLrj0/S7+9n+0Id3nZiJAfgkhTS37axQuDpy4arJxPB/Kuv:tdstLr4/Q+9+437axQuDpy4a7Bys
TLSH: B0B3BE3F65E8DD69D61B8E74605280C8D5327DB5CB32AE0707CB7BE648B971CE824389
Reporter: @tildedennis
Tags: Chthonic


Twitter
@tildedennis
chthonic version 1.0.0.0

Intelligence


File Origin
# of uploads: 1
# of downloads: 20
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Trojan.Inject
Status: Malicious
First seen: 2014-04-19 15:28:00 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: evasion
Behaviour
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Deletes itself
Identifies Wine through registry keys
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.
