MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5c5eace359aec6749e2f0916424f1284ecb5cf4f3b7d2678dd3fc1907925cec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f5c5eace359aec6749e2f0916424f1284ecb5cf4f3b7d2678dd3fc1907925cec
SHA3-384 hash: 6d3392c69526847d09f163899e2010a6374d85db3c34181e36da9157e4cb98d16c1a36c57d1bf85b8f63523500c05b49
SHA1 hash: f54cab9b16699df4f7426d3906062bf780039111
MD5 hash: ba0af99c6373df740cc659bbab0782a1
humanhash: december-georgia-tennis-north
File name: chthonic_2.23.15.1.vir
Signature: VirLock
File size: 328'704 bytes
First seen: 2020-07-19 19:23:05 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8bf58cc96479ac069279e04818684941
ssdeep: 6144:YcKAJHeVxcqeAszGvvboelOBVzuLKjMM7a2ieATssghXwBN3R:zKA5SWjAsivjoeoBBOKjM4a2LATssgGL
TLSH: FD649D75B240C8BEF03A1D754672C5E14A35BC3166B2166B338CBE3D5EB2982496FB43
Reporter: @tildedennis
Tags: Chthonic VirLock


Twitter (@tildedennis): chthonic version 2.23.15.1

Intelligence


File Origin
# of uploads: 1
# of downloads: 21
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Modifying an executable file
Launching a process
Windows shutdown
Unauthorized injection to a system process
Blocking the User Account Control
Hiding the taskbar notifications
Hiding the Action Center notifications
Threat name: Win32.Trojan.Upatre
Status: Malicious
First seen: 2017-07-21 01:59:00 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 2/5

Result
Malware family: n/a
Score: 8/10
Tags: evasion trojan persistence
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Checks whether UAC is enabled
Adds policy Run key to start application
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments