51c8e10c77c9f131b207be4bff0e37a09cf4f24b3b941416ae22bc438d1730c4 | Triage

Sharing

General

Target

chthonic_0.3.29.0.vir
Size

228KB
Sample

200719-7k15r8zyra
MD5

a9cedbccefb07a18d56a360be2aeb4bb
SHA1

ed6043735ef990b3b9fa5fd53df82b3e577fc02a
SHA256

51c8e10c77c9f131b207be4bff0e37a09cf4f24b3b941416ae22bc438d1730c4
SHA512

610670b89af3014d303e55f6d90dce22edb9f7ac74e4a9f7c73952875884074180500deb5b8d98ff8824f443de848cce22aee972c9bdd6a6faca588b9bd8ef06

Score

8^/10

evasion persistence

Malware Config

Targets

- Target
  
  chthonic_0.3.29.0.vir
- Size
  
  228KB
- MD5
  
  a9cedbccefb07a18d56a360be2aeb4bb
- SHA1
  
  ed6043735ef990b3b9fa5fd53df82b3e577fc02a
- SHA256
  
  51c8e10c77c9f131b207be4bff0e37a09cf4f24b3b941416ae22bc438d1730c4
- SHA512
  
  610670b89af3014d303e55f6d90dce22edb9f7ac74e4a9f7c73952875884074180500deb5b8d98ff8824f443de848cce22aee972c9bdd6a6faca588b9bd8ef06
Score

8^/10

evasion persistence
- Executes dropped EXE
- Deletes itself
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence