General

  • Target

    chthonic_2.23.20.3.vir

  • Size

    531KB

  • Sample

    200719-1y13h8wgyj

  • MD5

    e9fe4925d273ae94a34d8a13b9ceff52

  • SHA1

    9ef3857d88ea840504e9fe96f97e5e19dc782ef4

  • SHA256

    4db9e6043c7ddc8a04114e731a22d16d4cba065931b2cebd4dc61570e5c45c4b

  • SHA512

    10bce84ba0c0907faab5a8a67099077582f2eed4fd73aaf322c60077b5935c47ed04033ff2e1883083fe33011b4b3968181419a42239b8b7fae70a3ef1341a11

Malware Config

Targets

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

Persistence

  • Winlogon Helper DLL | 1 | T1004

  • Registry Run Keys / Startup Folder | 1 | T1060

Defense Evasion

  • Modify Registry | 2 | T1112

Tasks