General
Target: chthonic_2.0.6.0.vir
Size: 104KB
Sample: 200719-chmpnjkl3a
MD5: e2f95e7cb5c8118b3db4515028addb1c
SHA1: a1285e8adee08135b3bdd778581e60a9d83af523
SHA256: 7f12c0d7410edaa780e6b954b5177e9dfec5ad890d58cb64b97d6dca9722fa2d
SHA512: 0914ec7846c25e0e4bf858ed6f3bf71963f204af6e62dcdf42f1cb2808ad5b7667bf320f3b8a5e6ba38bc530b73b2c8b544adc267e882de920d034ba3a0d59a1
Static task: static1
Behavioral task: behavioral1
Sample: chthonic_2.0.6.0.vir.exe
Resource: win7
Behavioral task: behavioral2
Sample: chthonic_2.0.6.0.vir.exe
Resource: win10v200430
Malware Config
Targets
Target: chthonic_2.0.6.0.vir
Score: 10/10
- Modifies visibility of hidden/system files in Explorer
- Adds policy Run key to start application
- Blacklisted process makes network request
- Disables taskbar notifications via registry modification
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of SetThreadContext