06c893904f277dff0e318a0f775bc13322a11573eecc55237d4b55b968ca51ba | Triage

Sharing

General

Target

chthonic_2.1.2.0.vir
Size

140KB
Sample

200719-vw2q2alvn2
MD5

07d81914c4513c32be7e36ae0b6b4604
SHA1

f6856595de408ad73135ab0d1fe58cce73cd4300
SHA256

06c893904f277dff0e318a0f775bc13322a11573eecc55237d4b55b968ca51ba
SHA512

e245e17150917a9dec8161808453579984db2705f49d662d6b0fecc9fc83de9602213caab84c08dca7585f62c589c9c3815908aee73294d532684298b092a106

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  chthonic_2.1.2.0.vir
- Size
  
  140KB
- MD5
  
  07d81914c4513c32be7e36ae0b6b4604
- SHA1
  
  f6856595de408ad73135ab0d1fe58cce73cd4300
- SHA256
  
  06c893904f277dff0e318a0f775bc13322a11573eecc55237d4b55b968ca51ba
- SHA512
  
  e245e17150917a9dec8161808453579984db2705f49d662d6b0fecc9fc83de9602213caab84c08dca7585f62c589c9c3815908aee73294d532684298b092a106
Score

10^/10

evasion trojan persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Blacklisted process makes network request
- Disables taskbar notifications via registry modification
  evasion
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Hidden Files and Directories

Modify Registry

Bypass User Account Control

Disabling Security Tools

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanpersistence

behavioral2