MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec47184e810be9dda3a85a4ccd42abfffe818b49bd2262774991fec10604dcff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: ec47184e810be9dda3a85a4ccd42abfffe818b49bd2262774991fec10604dcff
SHA3-384 hash: f156efb6025d79db0e6d79a02335ca4de55c5a99d8dfd1c0a03027b1ec78c55b4b2ae1f0b6b5c48d3048d30eb9d6a5c3
SHA1 hash: dcc5632ebdf87c68c5eb52f193651385022a5bdf
MD5 hash: d8adacb5999a4f749cbd433067ba4afa
humanhash: fifteen-single-earth-single
File name: chthonic_2.23.21.2.vir
Signature: Chthonic
File size: 1'011'200 bytes
First seen: 2020-07-19 19:47:41 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4839be3f75e66450521b9cc0f0611ad0
ssdeep: 24576:OYfxusn7g6D8hv/wazsMg76UNPLZ2Cz0yF9L:BfxRnUmG/waVg2UNPLgCzJF
TLSH: E425237A9ADD810FE4101270623C5A87986AECDD66402B3D3C5EDD1DE4BA2D7F60371E
Reporter: @tildedennis
Tags: Chthonic


Twitter (@tildedennis): chthonic version 2.23.21.2

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: FR
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: troj.spyw.evad
Score: 92 / 100
Behaviour
Behavior Graph ID: 247640 (Sample: chthonic_2.23.21.2.vir, Startdate: 20/07/2020, Architecture: WINDOWS, Score: 92)
Signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Detected non-DNS traffic on DNS port; Antivirus detection for dropped file; Contains functionality to automate explorer (e.g. start an application); Writes to foreign memory regions; Creates multiple autostart registry keys; Contains functionality to compare user and computer (likely to detect sandboxes); 2 other signatures
Processes started: chthonic_2.23.21.2.exe, JdownloaderI.exe, eWindowsSidebar.exe, winver.exe, cmd.exe, conhost.exe, 2 other processes
Dropped files: several PE32 .ocx files plus JdownloaderI.exe and eWindowsSidebar.exe under C:\Users\user\AppData\..., and C:\Users\user\AppData\Local\Temp\4096.tmp; the remaining dropped files were not flagged as malicious
Network: connections to hosts in France (OVHFR) and the United States (AMAZON-02US) over port 53, plus 5 other IPs or domains (graph layout residue omitted)
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-01-20 02:07:12 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 2/5

Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour: UPX packed file

Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments