MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd224776b4fb97e51e1d9071c78e506a40c3973e5552ec1ae756fa370363b59d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence File information Yara Comments

SHA256 hash: fd224776b4fb97e51e1d9071c78e506a40c3973e5552ec1ae756fa370363b59d
SHA3-384 hash: 80d86f2c14f69c65981ac05cce085d169409f59b5774a115a56b6e1725619aff52b0f334c7b2bffb119f4497e7bc9632
SHA1 hash: d4fc90d5b32b164deed74c8cae538035b4f8157d
MD5 hash: 02e09610105c8694b6b8b706f0bd42ce
humanhash: stairway-monkey-tennessee-don
File name:chthonic_2.23.10.3.vir
Download: download sample
Signature Chthonic
File size:211'968 bytes
First seen:2020-07-19 16:49:10 UTC
Last seen:2020-07-19 19:12:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ba9f0f43ec00b77b988ec94e9c3be759
ssdeep 3072:e05s6ERniyCFcPmezXXeJAx+yUjXxSzrMARdD15vQ:eZ1iVFmmezHe4+5LxJAPQ
TLSH F824BF21B5A0CA72D7E200763461CFA27A7978326A746C07FB980FBCAF753D4552A317
Reporter @tildedennis
Tags:Chthonic


Twitter
@tildedennis
chthonic version 2.23.10.3

Intelligence


File Origin
# of uploads :
3
# of downloads :
19
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Unauthorized injection to a recently created process
Connection attempt to an infection source
Threat name:
Win32.Trojan.Kryptik
Status:
Malicious
First seen:
2016-07-13 10:05:00 UTC
AV detection:
27 of 31 (87.10%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan persistence
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
System policy modification
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Checks whether UAC is enabled
Checks whether UAC is enabled
Disables taskbar notifications via registry modification
Adds policy Run key to start application
Disables taskbar notifications via registry modification
Adds policy Run key to start application
UAC bypass
Modifies Windows Defender Real-time Protection settings
UAC bypass
Modifies Windows Defender Real-time Protection settings
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments