d6324644c2a267bea0322c4f817b7a4029129e68959cdeb25f53f8e1f9ddeaad | Triage

Sharing

General

Target

chthonic_2.23.12.10.vir
Size

160KB
Sample

200719-6q8h7w57ns
MD5

bd733b7cb157275ff7a2b2ff287589a0
SHA1

31eb1df25b5f1e799a451ea536f0674042bd19c8
SHA256

d6324644c2a267bea0322c4f817b7a4029129e68959cdeb25f53f8e1f9ddeaad
SHA512

b2341190d6a76e0d1f752f820a8f14f0a3b492e15c5d56a96a82c631e981f8b0e816287e8894ccb2966dc85f8440a6909a0b2f136d61080efcb00b148cf383bd

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  chthonic_2.23.12.10.vir
- Size
  
  160KB
- MD5
  
  bd733b7cb157275ff7a2b2ff287589a0
- SHA1
  
  31eb1df25b5f1e799a451ea536f0674042bd19c8
- SHA256
  
  d6324644c2a267bea0322c4f817b7a4029129e68959cdeb25f53f8e1f9ddeaad
- SHA512
  
  b2341190d6a76e0d1f752f820a8f14f0a3b492e15c5d56a96a82c631e981f8b0e816287e8894ccb2966dc85f8440a6909a0b2f136d61080efcb00b148cf383bd
Score

10^/10

persistence evasion trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blacklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Disabling Security Tools

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceevasiontrojan

behavioral2

evasiontrojanpersistence