MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc841ea2d1abc98b1e89294c3a0dbef1b04e58b4c9b6f4b0f9ad33adef1d1309. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: cc841ea2d1abc98b1e89294c3a0dbef1b04e58b4c9b6f4b0f9ad33adef1d1309
SHA3-384 hash: 78e92cac1d7b82953e8ff15edd2d6c71ed0403d1952fc134e75f8b67fab42b97d72916e509fe6af191486e7d8914f4af
SHA1 hash: 177aeba07cecfbffb1697e051a9d5b920965813a
MD5 hash: c4b802049dbdf2bb8a299d68715fac43
humanhash: social-mike-cold-carpet
File name: chthonic_2.0.8.1.vir
Signature: Chthonic
File size: 222'720 bytes
First seen: 2020-07-19 19:41:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a09498ec15c92d559e1005d625874c2d
ssdeep: 3072:RiqFKRVUeFjbXDhzu9m1TvJrz88ZD86lRIO8vsGGjnrs3J2AhZ3T:1FYVUeFjrDhzWm15b186lUv+nrs3J2c
TLSH: C024C02033F0E976F1E76A3064BA92714D7ABC72A674C00F67445A3E1FB1781E927726
Reporter: @tildedennis
Tags: Chthonic


Twitter
@tildedennis: chthonic version 2.0.8.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 18
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 100 / 100
Behaviour:
Behavior Graph:

Result
Threat name: Win32.Trojan.Foreign
Status: Malicious
First seen: 2014-12-27 06:16:45 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 2/5

Result
Malware family: n/a
Score: 10/10
Tags: evasion trojan persistence
Behaviour:
System policy modification
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious behavior: RenamesItself
Drops file in Program Files directory
Checks whether UAC is enabled
Identifies Wine through registry keys
Disables taskbar notifications via registry modification
Adds policy Run key to start application
Blacklisted process makes network request
UAC bypass
Modifies visibility of hidden/system files in Explorer

Result
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments