MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e097234f7020f7f728106ac2648d5a77f19004bdea67c3f14a6b373575bf7af2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e097234f7020f7f728106ac2648d5a77f19004bdea67c3f14a6b373575bf7af2
SHA3-384 hash: 63133799213052297c6d75eb1d2aeccde7281165da73908ee23c52214d42db3bcaa023405b2f6d42b9ce9d6ba536138e
SHA1 hash: 32b93a7c8d901cfc6ee01fd0f1110e2cc9b9deed
MD5 hash: a7ff128bb60cde180d2eea63313f59bb
humanhash: football-glucose-island-idaho
File name: chthonic_2.23.11.3.vir
Signature: Chthonic
File size: 234'496 bytes
First seen: 2020-07-19 17:31:22 UTC
Last seen: 2020-07-19 19:19:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 963be88c19d03ff5d65698b4e02e08fc
ssdeep: 3072:UIwBKMCcXmUdp6LmWRXPnW+KRqrkTJLHTisCKo5P50W:UIQTXm4p6iefnWNvJLziGiCW
TLSH: AB34BFB1B2F1D832D45650BA8117CAA94F7A78351AA7918BFFD40A2C5F306E2D71A313
Reporter: @tildedennis
Tags: Chthonic


Twitter
@tildedennis
chthonic version 2.23.11.3

Intelligence


File Origin
# of uploads: 2
# of downloads: 19
Origin country: FR
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Running batch commands
Creating a process with a hidden window
Launching a process
Sending a TCP request to an infection source
Stealing user critical data
Threat name: Win32.Trojan.Farfli
Status: Malicious
First seen: 2016-10-09 02:28:00 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: evasion trojan persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
System policy modification
Suspicious use of AdjustPrivilegeToken
Checks whether UAC is enabled
Disables taskbar notifications via registry modification
Adds policy Run key to start application
Modifies Windows Defender Real-time Protection settings
UAC bypass
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments