1cd004a6d75bc1ebf7d92ddd6af583caad44dd750906e4797460e7e615e777a7 | Triage

Sharing

General

Target

chthonic_2.23.0.0.vir
Size

134KB
Sample

200719-xhfznmkwgj
MD5

74c2e99266737e7321f9572f93263a17
SHA1

4bcde2c2213a52394714316281ed8631af1c8cbc
SHA256

1cd004a6d75bc1ebf7d92ddd6af583caad44dd750906e4797460e7e615e777a7
SHA512

2336129b6c722e1f781930b4b1adabe44f1c58269f3ecaa27b0536d166f8488ed5223d2d8fe30eecbe8903a13a7870ade2dc61e521474d06ebfb5770e0836d23

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  chthonic_2.23.0.0.vir
- Size
  
  134KB
- MD5
  
  74c2e99266737e7321f9572f93263a17
- SHA1
  
  4bcde2c2213a52394714316281ed8631af1c8cbc
- SHA256
  
  1cd004a6d75bc1ebf7d92ddd6af583caad44dd750906e4797460e7e615e777a7
- SHA512
  
  2336129b6c722e1f781930b4b1adabe44f1c58269f3ecaa27b0536d166f8488ed5223d2d8fe30eecbe8903a13a7870ade2dc61e521474d06ebfb5770e0836d23
Score

10^/10

evasion trojan persistence
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- UAC bypass
  evasion trojan
- Adds policy Run key to start application
  persistence
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Modify Registry

Disabling Security Tools

Bypass User Account Control

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanpersistence

behavioral2

evasiontrojanpersistence