a637d7360ef409b2d9f3038de841583a039287ee7f54d2f634d9cea6c0fd502f | Triage

Submit
Reports

Overview

overview

Static

static

chthonic_2...ir.exe

windows7_x64

chthonic_2...ir.exe

windows10_x64

Sharing

General

Target

chthonic_2.23.15.14.vir
Size

407KB
Sample

200719-8qhp4r2y3n
MD5

878804a067f5d32ba006f57a6635e87e
SHA1

1433f4c575719b8a9269597a997e15ff2420caf5
SHA256

a637d7360ef409b2d9f3038de841583a039287ee7f54d2f634d9cea6c0fd502f
SHA512

707930f022dd4a0595f98c76e8602d8b531c1c7de8c0c311eef082b97fffab67358e7f633541c3afe00e9080d8017eba8e46c89392b5af7eb9e5f838b5f75961

Score

10^/10

bootkit evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

chthonic_2.23.15.14.vir.exe

Resource

win7

evasion trojan persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

chthonic_2.23.15.14.vir.exe

Resource

win10

persistence evasion trojan ransomware bootkit

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  chthonic_2.23.15.14.vir
- Size
  
  407KB
- MD5
  
  878804a067f5d32ba006f57a6635e87e
- SHA1
  
  1433f4c575719b8a9269597a997e15ff2420caf5
- SHA256
  
  a637d7360ef409b2d9f3038de841583a039287ee7f54d2f634d9cea6c0fd502f
- SHA512
  
  707930f022dd4a0595f98c76e8602d8b531c1c7de8c0c311eef082b97fffab67358e7f633541c3afe00e9080d8017eba8e46c89392b5af7eb9e5f838b5f75961
Score

10^/10

evasion trojan persistence ransomware bootkit
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Modifies service
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanpersistence

behavioral2

persistenceevasiontrojanransomwarebootkit

© 2018-2024

Terms | Privacy