Overview

overview

10

Static

static

chthonic_2...ir.exe

windows7_x64

10

chthonic_2...ir.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    chthonic_2.23.14.2.vir

  • Size

    200KB

  • Sample

    200719-gg448y69vj

  • MD5

    43307a5a45b5a74e9270b5b3d4c67137

  • SHA1

    2fb58a0dc16c9bdc697bf1078f63c657e600faf2

  • SHA256

    3b1309d5b6b22786209cd378d53cccc323b33ae5e75dac3e07e53b32c46e67d3

  • SHA512

    1b41a796be7c237c49400db8abadd86e0fc56bfb87e8a7966ad43e2b10292aaf69dbcd2ffbb52ebed66ea1464251da05202729e5922dbb4fd69f9a94d7e89694

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      chthonic_2.23.14.2.vir

    • Size

      200KB

    • MD5

      43307a5a45b5a74e9270b5b3d4c67137

    • SHA1

      2fb58a0dc16c9bdc697bf1078f63c657e600faf2

    • SHA256

      3b1309d5b6b22786209cd378d53cccc323b33ae5e75dac3e07e53b32c46e67d3

    • SHA512

      1b41a796be7c237c49400db8abadd86e0fc56bfb87e8a7966ad43e2b10292aaf69dbcd2ffbb52ebed66ea1464251da05202729e5922dbb4fd69f9a94d7e89694

    Score
    10/10
    evasiontrojanpersistence

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Blacklisted process makes network request

    • Disables taskbar notifications via registry modification

      evasion

    • Deletes itself

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Modify Registry

5
T1112

Disabling Security Tools

2
T1089

Bypass User Account Control

1
T1088

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks