Overview

overview

10

Static

static

chthonic_2...ir.exe

windows7_x64

10

chthonic_2...ir.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    chthonic_2.0.1.0.vir

  • Size

    133KB

  • Sample

    200719-qb3s7jdk1j

  • MD5

    148563b1ca625bbdbb60673db2edb74a

  • SHA1

    8670b4ed16f2d92323f76a403657263b22a1a542

  • SHA256

    cbe916ed6f941dc6e106ef625b972727927cf152e7c94498fc4bbb533ffc30cd

  • SHA512

    8b26fed52f05e4d6780ba20ed19a5501b36d178fb3747264df07b5318142ca96ec6921e4bc985efd0d16a7fdb5869b9259af24fee24283e1d35acc14c29f4e36

Score
10/10
evasionpersistencetrojan

Malware Config

Targets

    • Target

      chthonic_2.0.1.0.vir

    • Size

      133KB

    • MD5

      148563b1ca625bbdbb60673db2edb74a

    • SHA1

      8670b4ed16f2d92323f76a403657263b22a1a542

    • SHA256

      cbe916ed6f941dc6e106ef625b972727927cf152e7c94498fc4bbb533ffc30cd

    • SHA512

      8b26fed52f05e4d6780ba20ed19a5501b36d178fb3747264df07b5318142ca96ec6921e4bc985efd0d16a7fdb5869b9259af24fee24283e1d35acc14c29f4e36

    Score
    10/10
    persistenceevasiontrojan

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • UAC bypass

      evasiontrojan

    • Adds policy Run key to start application

      persistence

    • Blacklisted process makes network request

    • Disables taskbar notifications via registry modification

      evasion

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Bypass User Account Control

1
T1088

Defense Evasion

Hidden Files and Directories

1
T1158

Modify Registry

4
T1112

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks