46731281d5af0a524cbc8e459d1a5cd56b64caa9aec824902e53dfb9ccc021df | Triage

Sharing

General

Target

chthonic_2.4.22.0.vir
Size

188KB
Sample

200719-dmehhhs5da
MD5

3e20db8b47324b00afb542603e7ea98f
SHA1

3df96a679207e82599fac13d707d98829ebd69a3
SHA256

46731281d5af0a524cbc8e459d1a5cd56b64caa9aec824902e53dfb9ccc021df
SHA512

8a958c54ae222877ee123271bca85378545510543c729e290d07f70657865ba4f8c78e60d3a2a4f2f45c39e43e9ed6e8f8de71eff4400daef8979eb4721b42f2

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  chthonic_2.4.22.0.vir
- Size
  
  188KB
- MD5
  
  3e20db8b47324b00afb542603e7ea98f
- SHA1
  
  3df96a679207e82599fac13d707d98829ebd69a3
- SHA256
  
  46731281d5af0a524cbc8e459d1a5cd56b64caa9aec824902e53dfb9ccc021df
- SHA512
  
  8a958c54ae222877ee123271bca85378545510543c729e290d07f70657865ba4f8c78e60d3a2a4f2f45c39e43e9ed6e8f8de71eff4400daef8979eb4721b42f2
Score

10^/10

persistence evasion trojan
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceevasiontrojan

behavioral2

evasiontrojanpersistence