95f698955cf8a1adf8991085da2c45f4441e0423b7db42aae3dc0dd6c4dfaa28 | Triage

Sharing

General

Target

chthonic_1.0.0.0.vir
Size

108KB
Sample

200719-1sm7s1ez52
MD5

4fedceb3fef8b8addd7b34b3cae72700
SHA1

0d688c4a150368ba01513aa816ff524d223aaa79
SHA256

95f698955cf8a1adf8991085da2c45f4441e0423b7db42aae3dc0dd6c4dfaa28
SHA512

b8fd269d0876de12bbb5c9ad0d407d3f08c2778c320fdb2443a2a8efcaa17044fbf46a7f419de5d526ac86cce04db6f86e8223c832c0cdc1c26abd4249f90ff0

Score

7^/10

evasion trojan

Malware Config

Targets

- Target
  
  chthonic_1.0.0.0.vir
- Size
  
  108KB
- MD5
  
  4fedceb3fef8b8addd7b34b3cae72700
- SHA1
  
  0d688c4a150368ba01513aa816ff524d223aaa79
- SHA256
  
  95f698955cf8a1adf8991085da2c45f4441e0423b7db42aae3dc0dd6c4dfaa28
- SHA512
  
  b8fd269d0876de12bbb5c9ad0d407d3f08c2778c320fdb2443a2a8efcaa17044fbf46a7f419de5d526ac86cce04db6f86e8223c832c0cdc1c26abd4249f90ff0
Score

7^/10

evasion trojan
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2