MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e582fa83c76a826ea19fa01000c0b79ba318802a53c62fc6e8abeec598d9d34c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Chthonic

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	e582fa83c76a826ea19fa01000c0b79ba318802a53c62fc6e8abeec598d9d34c
SHA3-384 hash:	2917eed11ca48f256696371767f80a4eb8971237467b6727ac6e2345e7d4fde9b4d0de991e04ea12425bf7d3b2ac9d3c
SHA1 hash:	6c854286bd451e945b963e3944f31260c44e73b2
MD5 hash:	1b4ee19b632f628a009eacdff0639751
humanhash:	hotel-illinois-july-queen
File name:	chthonic_2.23.12.8.vir
Download:	download sample
Signature	Chthonic Create hunting rule
File size:	147'456 bytes
First seen:	2020-07-19 19:44:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	735e36368b35e18582c6068a08a4454d (1 x Chthonic)
ssdeep	3072:GyILnwoK8uHn0nhyExO5VRE2wQJy2LuecKi4B0GjN8qacvA:GyqwoKPH0nhNAE2wQJDLiprpcvA
Threatray	36 similar samples on MalwareBazaar
TLSH	F6E3CF989E470427E4254D70D7D1A6F91BFD1D93B493212FCF44BE2B78A81AC6681EF0
Reporter	tildedennis
Tags:	Chthonic

tildedennis

chthonic version 2.23.12.8

Intelligence

File Origin

# of uploads :

# of downloads :

113

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28358/

Detection(s):

Win.Trojan.Agent-7400979-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Unauthorized injection to a recently created process

Connection attempt to an infection source

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e582fa83c76a826ea19fa01000c0b79ba318802a53c62fc6e8abeec598d9d34c/

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2017-04-10 03:20:49 UTC

AV detection:

28 of 31 (90.32%)

Threat level:

5/5

Verdict:

malicious

Result

Malware family:

n/a

Score:

10/10

Tags:

upx evasion trojan persistence

Link:

https://tria.ge/reports/200719-97tq5vakx2/

Behaviour

System policy modification

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

System policy modification

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of SetThreadContext

Checks whether UAC is enabled

Program crash

Checks whether UAC is enabled

Program crash

Adds policy Run key to start application

Blacklisted process makes network request

UPX packed file

Disables taskbar notifications via registry modification

Adds policy Run key to start application

Disables taskbar notifications via registry modification

UPX packed file

Blacklisted process makes network request

UAC bypass

Modifies Windows Defender Real-time Protection settings

UAC bypass

Modifies Windows Defender Real-time Protection settings

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e582fa83c76a826ea19fa01000c0b79ba318802a53c62fc6e8abeec598d9d34c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://zeusmuseum.com/chthonic/

Cape

https://www.capesandbox.com/analysis/28358/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample