MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9af00981a1e877ad312b6889ac9252dfff2fa97897064adae80f6be459e5a307. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Chthonic


Vendor detections: 5



SHA256 hash: 9af00981a1e877ad312b6889ac9252dfff2fa97897064adae80f6be459e5a307
SHA3-384 hash: 7c6b823307ea55acb7a615ed6131dc98f9a78f939b8a5817fc33e6409e079e688675b943e9306d19016b5b591271af25
SHA1 hash: 04df83582eec0b87e295d970a86a41d4528852a2
MD5 hash: e224fd85695d5e1a734884ab926505bb
humanhash: kilo-fix-ack-kentucky
File name: chthonic_2.3.2.0.vir
Signature: Chthonic
File size: 108'544 bytes
First seen: 2020-07-19 17:28:54 UTC
Last seen: 2020-07-19 19:18:30 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: d3f439d5fa66022e29c84ea815201af0 (1 x Chthonic)
ssdeep: 3072:ZkibbBpGANjx5esjIcnV31u5Drnqs2JJwIcX1:ZkibbBMANjx5LjPUJAJw
Threatray: 2'017 similar samples on MalwareBazaar
TLSH: F6B3E01279D1D533D103937918E8CA92D3AAFD696773C5937FE8628F5B251C9023B283
Reporter: tildedennis
Tags: Chthonic


tildedennis
chthonic version 2.3.2.0

Intelligence


File Origin
# of uploads: 2
# of downloads: 93
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Threat name: Win32.Downloader.Wauchos
Status: Malicious
First seen: 2015-03-07 00:33:00 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
System policy modification
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Program crash
Checks whether UAC is enabled
Deletes itself
Adds policy Run key to start application
Disables taskbar notifications via registry modification
UAC bypass
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
