MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e582fa83c76a826ea19fa01000c0b79ba318802a53c62fc6e8abeec598d9d34c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: e582fa83c76a826ea19fa01000c0b79ba318802a53c62fc6e8abeec598d9d34c
SHA3-384 hash: 2917eed11ca48f256696371767f80a4eb8971237467b6727ac6e2345e7d4fde9b4d0de991e04ea12425bf7d3b2ac9d3c
SHA1 hash: 6c854286bd451e945b963e3944f31260c44e73b2
MD5 hash: 1b4ee19b632f628a009eacdff0639751
humanhash: hotel-illinois-july-queen
File name:chthonic_2.23.12.8.vir
Download: download sample
Signature Chthonic
File size:147'456 bytes
First seen:2020-07-19 19:44:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 735e36368b35e18582c6068a08a4454d
ssdeep 3072:GyILnwoK8uHn0nhyExO5VRE2wQJy2LuecKi4B0GjN8qacvA:GyqwoKPH0nhNAE2wQJDLiprpcvA
TLSH F6E3CF989E470427E4254D70D7D1A6F91BFD1D93B493212FCF44BE2B78A81AC6681EF0
Reporter @tildedennis
Tags:Chthonic


Twitter
@tildedennis
chthonic version 2.23.12.8

Intelligence


File Origin
# of uploads :
1
# of downloads :
29
Origin country :
FR FR
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis.troj.evad
Score:
100 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Upatre
Status:
Malicious
First seen:
2017-04-10 03:20:49 UTC
AV detection:
27 of 31 (87.10%)
Threat level
  2/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
upx evasion trojan persistence
Behaviour
System policy modification
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Program crash
Checks whether UAC is enabled
Program crash
Adds policy Run key to start application
Blacklisted process makes network request
UPX packed file
Disables taskbar notifications via registry modification
Adds policy Run key to start application
Disables taskbar notifications via registry modification
UPX packed file
Blacklisted process makes network request
UAC bypass
Modifies Windows Defender Real-time Protection settings
UAC bypass
Modifies Windows Defender Real-time Protection settings
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments