3ba80718b5c68cf563db5bcda51606472b0b1e7bd52f9698383068cb935aad99 | Triage

Submit
Reports

Overview

overview

Static

static

chthonic_2...ir.exe

windows7_x64

chthonic_2...ir.exe

windows10_x64

Sharing

General

Target

chthonic_2.23.17.1.vir
Size

151KB
Sample

200719-lp75ts4alx
MD5

aba6f9b372254cf34879ddc5283927c9
SHA1

f5724a63620621be8930972897da28c088547706
SHA256

3ba80718b5c68cf563db5bcda51606472b0b1e7bd52f9698383068cb935aad99
SHA512

a27be560684162fa3b315c6f7e90435c2e76a35a16e4e004d304d8569c4f22e56fa8711e12ea170e99592ba5f8715a2e26455bf7bc800d85e4aa7e96c87b9ede

Score

10^/10

bootkit evasion persistence ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

chthonic_2.23.17.1.vir.exe

Resource

win7

evasion trojan persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

chthonic_2.23.17.1.vir.exe

Resource

win10

ransomware bootkit evasion trojan persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  chthonic_2.23.17.1.vir
- Size
  
  151KB
- MD5
  
  aba6f9b372254cf34879ddc5283927c9
- SHA1
  
  f5724a63620621be8930972897da28c088547706
- SHA256
  
  3ba80718b5c68cf563db5bcda51606472b0b1e7bd52f9698383068cb935aad99
- SHA512
  
  a27be560684162fa3b315c6f7e90435c2e76a35a16e4e004d304d8569c4f22e56fa8711e12ea170e99592ba5f8715a2e26455bf7bc800d85e4aa7e96c87b9ede
Score

10^/10

evasion trojan persistence ransomware bootkit
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
  ransomware bootkit
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
  evasion trojan
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanpersistence

behavioral2

ransomwarebootkitevasiontrojanpersistence

© 2018-2024

Terms | Privacy