b39a13030095984b1a1a5584c8aa7d974a40aa631ef5b27ab933cc5d40799deb | Triage

Submit
Reports

Overview

overview

Static

static

chthonic_2...ir.exe

windows7_x64

chthonic_2...ir.exe

windows10_x64

8

Sharing

General

Target

chthonic_2.23.17.10.vir
Size

1.8MB
Sample

200719-rq4vcw3yy2
MD5

73613b116ebb614b2964038b3f937db0
SHA1

7872e57d9e89fb65f22f51d93a5ac3ca39fc30da
SHA256

b39a13030095984b1a1a5584c8aa7d974a40aa631ef5b27ab933cc5d40799deb
SHA512

5d87c3bf9e438bbee3287d00b267f31d7bcb93b1fbc1fbc6aa2035bc502f5ca73d4e03e2711b6dfc73b06044e746ae15b23b95bf8dce394889073bdc0890b334

Score

10^/10

discovery evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

chthonic_2.23.17.10.vir.exe

Resource

win7

evasion trojan discovery persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

chthonic_2.23.17.10.vir.exe

Resource

win10v200430

persistence discovery

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  chthonic_2.23.17.10.vir
- Size
  
  1.8MB
- MD5
  
  73613b116ebb614b2964038b3f937db0
- SHA1
  
  7872e57d9e89fb65f22f51d93a5ac3ca39fc30da
- SHA256
  
  b39a13030095984b1a1a5584c8aa7d974a40aa631ef5b27ab933cc5d40799deb
- SHA512
  
  5d87c3bf9e438bbee3287d00b267f31d7bcb93b1fbc1fbc6aa2035bc502f5ca73d4e03e2711b6dfc73b06044e746ae15b23b95bf8dce394889073bdc0890b334
Score

10^/10

evasion trojan discovery persistence
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Blacklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Disabling Security Tools

Bypass User Account Control

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

evasiontrojandiscoverypersistence

behavioral2

persistencediscovery

© 2018-2024

Terms | Privacy