MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c63747bc82ad844ffd323ce1038def18ed912a7db1fb7211cdbe1483f8baf819. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: c63747bc82ad844ffd323ce1038def18ed912a7db1fb7211cdbe1483f8baf819
SHA3-384 hash: 5d5f0ba063ba3cadb5dcb126556f7bd25fa99db365a34ddbfd3597aed984a2a63ee09701c3b8637ba7c41d2b33722e6a
SHA1 hash: 0131b44b9e66d339ff99523d0df9b6dcaf6eac2f
MD5 hash: 38e16728716a7888da10c07799565a43
humanhash: video-johnny-alanine-five
File name:chthonic_2.23.18.1.vir
Download: download sample
Signature Chthonic
File size:283'400 bytes
First seen:2020-07-19 19:43:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 57c694be411391d92dab5af4dc3d59fe
ssdeep 3072:KjooehT2doX7ILSjmtcuAoQYztslvFFNnFK2VoQ8iC7EGXT355Mbtr:soom2dQQLJDSu2p8iC7LXr6l
TLSH 3354BE738B388D66C4161F33F0B85964E731E7F949582A2777A23029C89E257216E3F7
Reporter @tildedennis
Tags:Chthonic


Twitter
@tildedennis
chthonic version 2.23.18.1

Intelligence


File Origin
# of uploads :
1
# of downloads :
26
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name:
Win32.Trojan.Kryptik
Status:
Malicious
First seen:
2019-02-02 08:45:49 UTC
AV detection:
27 of 31 (87.10%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan persistence
Behaviour
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Modifies registry class
Suspicious use of AdjustPrivilegeToken
System policy modification
Modifies service
Adds Run key to start application
Checks whether UAC is enabled
Windows security modification
Loads dropped DLL
Executes dropped EXE
Disables taskbar notifications via registry modification
Windows security bypass
Modifies Windows Defender Real-time Protection settings
UAC bypass
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments