b11f073b3d938fec77b84fd0cac1ed861451a33f5e1030b1f63574ea491032b3 | Triage

Sharing

General

Target

chthonic_2.23.15.2.vir
Size

376KB
Sample

200719-kxznq5ttqa
MD5

d991dc65d24d866e37a41006c15756aa
SHA1

ed46844d9a51d083f8b149c4f252bad34bbc7b1e
SHA256

b11f073b3d938fec77b84fd0cac1ed861451a33f5e1030b1f63574ea491032b3
SHA512

67d29c92c7127967663702f16d5e88c59dffbe0b0b7b9b143635b456b2155c18b63449b3cf003ac3194f2802b6f0dc0c7d3f33b5be215a1075920d10cf2dcbef

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  chthonic_2.23.15.2.vir
- Size
  
  376KB
- MD5
  
  d991dc65d24d866e37a41006c15756aa
- SHA1
  
  ed46844d9a51d083f8b149c4f252bad34bbc7b1e
- SHA256
  
  b11f073b3d938fec77b84fd0cac1ed861451a33f5e1030b1f63574ea491032b3
- SHA512
  
  67d29c92c7127967663702f16d5e88c59dffbe0b0b7b9b143635b456b2155c18b63449b3cf003ac3194f2802b6f0dc0c7d3f33b5be215a1075920d10cf2dcbef
Score

10^/10

persistence evasion trojan
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Modifies security service
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Blacklisted process makes network request
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistenceevasiontrojan

behavioral2

evasiontrojanpersistence