MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5453a56e19d83a5f6a9dd3712e4bc7f87f886d8e61135648d4dafc749249fec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: c5453a56e19d83a5f6a9dd3712e4bc7f87f886d8e61135648d4dafc749249fec
SHA3-384 hash: f4f0f98554ffd9c4dfbcc4681fb5c65010d17689a6c933fdc7a1bd6313f0d1e60d0d8358af4894ded272ef77bf45970e
SHA1 hash: 638dd465f06f07f8f85342121447563d954c277f
MD5 hash: 22c4b7a4677a3eccfabcbd6830f2cc20
humanhash: queen-magnesium-may-queen
File name: chthonic_2.23.18.18.vir
Signature: Chthonic
File size: 532'992 bytes
First seen: 2020-07-19 19:46:18 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 407e99904e6e83dd908ae33ab2f68802
ssdeep: 12288:DesQ9gbQZ03AlODvr4T4gtRyozCDWswflIFSrjGFUMoq7MZ:DesQ9IQ2UODU4FukNKIFEjGKMoq
TLSH: 0EB4E011B5D68030D5B3927748A9BA91037EBD664F729DDB3BDC0E8C9A744C0AB37B12
Reporter: @tildedennis
Tags: Chthonic


Twitter (@tildedennis): chthonic version 2.23.18.18

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: FR

Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  - Creating a window
  - Unauthorized injection to a recently created process
  - Connection attempt to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 100 / 100
Behaviour (sandbox behavior graph, rendered as text):
Behavior Graph ID: 247534
Sample: chthonic_2.23.18.18.vir
Start date: 20/07/2020
Architecture: WINDOWS
Score: 100

Top-level signatures:
  - Multi AV Scanner detection for domain / URL
  - Antivirus / Scanner detection for submitted sample
  - Multi AV Scanner detection for submitted file
  - 3 other signatures

Process tree:
  javaE.exe
    Dropped: C:\Users\user\AppData\Local\...\7939334C.tmp (PE32)
             C:\Users\user\AppData\Local\...\6E35764A.tmp (PE32)
             C:\Users\user\AppData\Local\...\68525933.tmp (PE32)
             3 other files (none is malicious)
    Signatures: Antivirus detection for dropped file
                Detected unpacking (changes PE section rights)
                Detected unpacking (overwrites its own PE header)
                2 other signatures
    winver.exe (started by javaE.exe)
      Network: 178.17.170.179, port 53 (TRABIA, MD, Moldova, Republic of)
               108.61.161.119, port 53 (AS-CHOOPA, US, United States)
               2 other IPs or domains
      Dropped: C:\Users\user\AppData\Local\Temp\AC38.tmp (PE32)
      Signatures: Detected non-DNS traffic on DNS port
      cmd.exe (started by winver.exe)
        javaE.exe (started by cmd.exe)
          Dropped: C:\Users\user\AppData\Local\...\73783650.tmp (PE32)
                   C:\Users\user\AppData\Local\...\61305568.tmp (PE32)
                   C:\Users\user\AppData\Local\...\41635630.tmp (PE32)
                   3 other files (none is malicious)
        conhost.exe (started by cmd.exe)
  chthonic_2.23.18.18.exe
    Network: 2.23.18.18 (SEABONE-NET TELECOM ITALIA SPARKLE SpA, IT, European Union)
    Dropped: C:\Users\user\AppData\Roaming\...\javaE.exe (PE32)
             C:\Users\user\AppData\Local\...\7A6F3131.tmp (PE32)
             C:\Users\user\AppData\Local\...\7638386B.tmp (PE32)
             4 other files (none is malicious)
    Signatures: Contains functionality to automate explorer (e.g. start an application)
                Contains functionality to compare user and computer (likely to detect sandboxes)
  javaE.exe (second instance; no further activity recorded in the graph)
Result
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2019-07-05 04:43:25 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Result
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments