910b71d81c9bff62a80e3771e85bd4a8f18aa878b9860e4f2ba0074650236780 | Triage

Sharing

General

Target

chthonic_2.23.11.4.vir
Size

304KB
Sample

200719-3zax2hg6bx
MD5

4b700c45bc794bbdcb765bbf627b0ed6
SHA1

5528628d9bfa781ba91bd91a6e06383af8ec0c64
SHA256

910b71d81c9bff62a80e3771e85bd4a8f18aa878b9860e4f2ba0074650236780
SHA512

9118e7d446f8a1570b4a8f628a08409eb4f67582ea0fb33198fb49a66a553ecf36eb60c219be97129e300d25c9a414f8003635b749057d9a1193388a22ce5b97

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  chthonic_2.23.11.4.vir
- Size
  
  304KB
- MD5
  
  4b700c45bc794bbdcb765bbf627b0ed6
- SHA1
  
  5528628d9bfa781ba91bd91a6e06383af8ec0c64
- SHA256
  
  910b71d81c9bff62a80e3771e85bd4a8f18aa878b9860e4f2ba0074650236780
- SHA512
  
  9118e7d446f8a1570b4a8f628a08409eb4f67582ea0fb33198fb49a66a553ecf36eb60c219be97129e300d25c9a414f8003635b749057d9a1193388a22ce5b97
Score

10^/10

persistence evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Disabling Security Tools

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

persistenceevasiontrojan