General
-
Target
chthonic_0.3.29.0.vir
-
Size
228KB
-
Sample
200719-7k15r8zyra
-
MD5
a9cedbccefb07a18d56a360be2aeb4bb
-
SHA1
ed6043735ef990b3b9fa5fd53df82b3e577fc02a
-
SHA256
51c8e10c77c9f131b207be4bff0e37a09cf4f24b3b941416ae22bc438d1730c4
-
SHA512
610670b89af3014d303e55f6d90dce22edb9f7ac74e4a9f7c73952875884074180500deb5b8d98ff8824f443de848cce22aee972c9bdd6a6faca588b9bd8ef06
Static task
static1
Behavioral task
behavioral1
Sample
chthonic_0.3.29.0.vir.exe
Resource
win7
Behavioral task
behavioral2
Sample
chthonic_0.3.29.0.vir.exe
Resource
win10
Malware Config
Targets
-
-
Target
chthonic_0.3.29.0.vir
Score
8/10
-
Executes dropped EXE
-
Deletes itself
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Loads dropped DLL
-
Adds Run key to start application
-