Overview

overview

10

Static

static

chthonic_2...ir.exe

windows7_x64

10

chthonic_2...ir.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    chthonic_2.0.6.0.vir

  • Size

    104KB

  • Sample

    200719-chmpnjkl3a

  • MD5

    e2f95e7cb5c8118b3db4515028addb1c

  • SHA1

    a1285e8adee08135b3bdd778581e60a9d83af523

  • SHA256

    7f12c0d7410edaa780e6b954b5177e9dfec5ad890d58cb64b97d6dca9722fa2d

  • SHA512

    0914ec7846c25e0e4bf858ed6f3bf71963f204af6e62dcdf42f1cb2808ad5b7667bf320f3b8a5e6ba38bc530b73b2c8b544adc267e882de920d034ba3a0d59a1

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      chthonic_2.0.6.0.vir

    • Size

      104KB

    • MD5

      e2f95e7cb5c8118b3db4515028addb1c

    • SHA1

      a1285e8adee08135b3bdd778581e60a9d83af523

    • SHA256

      7f12c0d7410edaa780e6b954b5177e9dfec5ad890d58cb64b97d6dca9722fa2d

    • SHA512

      0914ec7846c25e0e4bf858ed6f3bf71963f204af6e62dcdf42f1cb2808ad5b7667bf320f3b8a5e6ba38bc530b73b2c8b544adc267e882de920d034ba3a0d59a1

    Score
    10/10
    evasionpersistencetrojan

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Blacklisted process makes network request

    • Disables taskbar notifications via registry modification

      evasion

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Hidden Files and Directories

1
T1158

Modify Registry

4
T1112

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

1
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks