35396cd9c37aef5c360393e391bbb2acb4956c948e2d061705728002edc068c1 | Triage

Submit
Reports

Overview

overview

Static

static

chthonic_2...ir.exe

windows7_x64

chthonic_2...ir.exe

windows10_x64

Sharing

General

Target

chthonic_2.23.17.5.vir
Size

120KB
Sample

200719-be3mte5eq2
MD5

20634b0d4225cd3d911daf828cb6aa39
SHA1

d396236df73c7d15cf910d6ce3ff4bb75d7e1ebe
SHA256

35396cd9c37aef5c360393e391bbb2acb4956c948e2d061705728002edc068c1
SHA512

5485eea7b0b1f97c3384607c84e71a6a795653f5d802c8269c134a8f4596f5971334893282ade9e8e5f4765b8919793f74147155595ef27b24b7d7d371898668

Score

10^/10

bootkit evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

chthonic_2.23.17.5.vir.exe

Resource

win7v200430

persistence evasion trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

chthonic_2.23.17.5.vir.exe

Resource

win10

persistence evasion trojan ransomware bootkit

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  chthonic_2.23.17.5.vir
- Size
  
  120KB
- MD5
  
  20634b0d4225cd3d911daf828cb6aa39
- SHA1
  
  d396236df73c7d15cf910d6ce3ff4bb75d7e1ebe
- SHA256
  
  35396cd9c37aef5c360393e391bbb2acb4956c948e2d061705728002edc068c1
- SHA512
  
  5485eea7b0b1f97c3384607c84e71a6a795653f5d802c8269c134a8f4596f5971334893282ade9e8e5f4765b8919793f74147155595ef27b24b7d7d371898668
Score

10^/10

persistence evasion trojan ransomware bootkit
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceevasiontrojan

behavioral2

persistenceevasiontrojanransomwarebootkit

© 2018-2024

Terms | Privacy