offer_05634.xlsm

General
Target

offer_05634.xlsm

Size

115KB

Sample

200512-jb5fzqm1fa

Score
10 /10
MD5

3e0bbe29e435b2a5bf66091b2bc4efcf

SHA1

af4abd629cf997d80e2a57a37c4fd6408097e324

SHA256

27ba6b6b56747320708fc658ba659bc5d3f77545453ee879cfc6ae210636786c

SHA512

1acd893cd2d57573221dec7ec553eb7f513902d34c8669c15469ec1ca5829d6524cc5c4623c9cf39e863d6203e83343ac1915d2ee24a6be0a2eafdfa353d5c4c

Malware Config

Extracted

Family hancitor
Botnet 0405_784793234
C2

http://libuions.com/4/forum.php

http://feredrazac.ru/4/forum.php

http://urumerael.ru/4/forum.php
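The C2 list above is the part of this report a network defender will want to operationalise first. The following is an added example, not part of the sandbox report or of the sandbox's own rules: a small Python checker that loads the three C2 URLs from this report and flags matching requests in proxy logs. The log lines are constructed for illustration, and the rule that treats any POST to `/<digit>/forum.php` on an unlisted host as a low-confidence Hancitor check-in is a generalisation from this sample's URL shape, not something the report states.

```python
"""Flag Hancitor C2 traffic in proxy logs using the URLs from this report.

Added example; the log lines below are constructed, not captured traffic.
"""
import re
from urllib.parse import urlsplit

# C2 URLs extracted from offer_05634.xlsm (report: Malware Config > C2).
HANCITOR_C2 = {
    "http://libuions.com/4/forum.php",
    "http://feredrazac.ru/4/forum.php",
    "http://urumerael.ru/4/forum.php",
}
C2_HOSTS = {urlsplit(u).hostname for u in HANCITOR_C2}

# Generalisation (assumption, not from the report): the sample's check-in
# URLs all end in /<digit>/forum.php, so the same shape on an unlisted host
# is worth a low-confidence alert.
C2_PATH_RE = re.compile(r"^/\d/forum\.php$")

# Constructed proxy log: "<epoch> <client> <method> <url> <status> <bytes>".
SAMPLE_LOG = """\
1589300001 10.0.0.12 GET http://www.example.com/index.html 200 5120
1589300002 10.0.0.12 POST http://libuions.com/4/forum.php 200 412
1589300003 10.0.0.13 POST http://feredrazac.ru/4/forum.php 200 398
1589300004 10.0.0.14 POST http://unknownhost.test/8/forum.php 200 401
1589300005 10.0.0.15 GET http://urumerael.ru/favicon.ico 404 0
"""


def classify_request(method, url):
    """Return (confidence, reason) for one request, or None if nothing matches."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if method.upper() == "POST" and url in HANCITOR_C2:
        return ("high", "POST to known Hancitor C2 URL")
    if host in C2_HOSTS:
        return ("medium", "traffic to known Hancitor C2 host")
    if method.upper() == "POST" and C2_PATH_RE.match(parts.path):
        return ("low", "Hancitor-shaped check-in path on unlisted host")
    return None


def scan_log(text):
    """Parse proxy log lines and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines rather than crash on them
        ts, client, method, url, status, size = fields
        verdict = classify_request(method, url)
        if verdict:
            findings.append({"ts": ts, "client": client, "url": url,
                             "confidence": verdict[0], "reason": verdict[1]})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['confidence']:<6} {f['client']:<10} {f['url']}  ({f['reason']})")
```

Any hit on a C2 host is reported even without the check-in path, because a host in this list has no legitimate reason to appear in enterprise proxy logs at all; the exact URL match only raises the confidence.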

Targets
Target

offer_05634.xlsm

MD5

3e0bbe29e435b2a5bf66091b2bc4efcf

Filesize

115KB

Score
10 /10
SHA1

af4abd629cf997d80e2a57a37c4fd6408097e324

SHA256

27ba6b6b56747320708fc658ba659bc5d3f77545453ee879cfc6ae210636786c

SHA512

1acd893cd2d57573221dec7ec553eb7f513902d34c8669c15469ec1ca5829d6524cc5c4623c9cf39e863d6203e83343ac1915d2ee24a6be0a2eafdfa353d5c4c

Signatures

  • Hancitor

    Description

    Hancitor is a downloader used to deliver other malware families; it is typically distributed through malicious Office documents such as this one.

  • Pony,Fareit

    Description

    Pony (also tracked as Fareit) is an information-stealing trojan that harvests stored credentials from browsers, mail and FTP clients and can also download further payloads; Hancitor campaigns commonly deliver it as a follow-on stage.

  • Process spawned unexpected child process

    Description

    This typically indicates the parent process was compromised via an exploit or macro.

  • Loads dropped DLL

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Process spawned suspicious child process

    Description

    A child process of this kind (for example a crash handler) is normally only spawned when the parent process crashes. Seeing one here usually means an attempt to compromise the parent process failed.

  • Suspicious use of SetThreadContext

    Description

    SetThreadContext lets a process redirect a thread in another process to attacker-controlled code; it is a standard step in process hollowing and related code-injection techniques.
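The three process-tree signatures above (unexpected child, crash-handler child, dropped DLL loaded) translate directly into endpoint detection logic. As an added example that is not part of the report or of the sandbox's own rules, the Python below evaluates constructed process-creation events in the spirit of those signatures. The assumptions are marked in the code: the Office parent list, the allowlisted printer helper, the choice of WerFault.exe as the crash-handler child the "suspicious child process" signature describes, and the user-writable paths used to decide whether a DLL was dropped. The sample events, including the DLL path, are constructed and are not taken from this sample's recorded behaviour.

```python
"""Evaluate process-creation events against the report's process-tree signatures.

Added example. Events are constructed; file names and paths are placeholders.
"""

# Assumption: these Office hosts are the parents whose children we care about.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Assumption: the print helper is the one child Office spawns routinely.
ALLOWED_OFFICE_CHILDREN = {"splwow64.exe"}
# Assumption: WerFault.exe is the crash handler the "suspicious child" signature means.
CRASH_HANDLERS = {"werfault.exe"}
# DLL-hosting binaries and the user-writable locations a macro can drop into.
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"

# Constructed Sysmon-style process-creation events (EventID 1 fields, simplified).
SAMPLE_EVENTS = [
    {"pid": 4100, "parent_image": r"C:\Windows\explorer.exe", "image": EXCEL,
     "command_line": r'"EXCEL.EXE" C:\Users\user\Downloads\offer_05634.xlsm'},
    {"pid": 4188, "parent_image": EXCEL, "image": r"C:\Windows\System32\rundll32.exe",
     # dropped.dll,Entry is a placeholder, not the sample's real DLL or export
     "command_line": r"rundll32.exe C:\Users\user\AppData\Local\Temp\dropped.dll,Entry"},
    {"pid": 4202, "parent_image": EXCEL, "image": r"C:\Windows\System32\WerFault.exe",
     "command_line": r"WerFault.exe -u -p 4100 -s 1234"},
    {"pid": 4210, "parent_image": EXCEL, "image": r"C:\Windows\splwow64.exe",
     "command_line": r"C:\Windows\splwow64.exe 12288"},
]


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate_event(ev):
    """Return the list of signature names an event triggers (empty if none)."""
    parent = basename(ev["parent_image"])
    child = basename(ev["image"])
    cmd = ev["command_line"].lower()
    hits = []
    if parent in OFFICE_PARENTS and child not in ALLOWED_OFFICE_CHILDREN:
        if child in CRASH_HANDLERS:
            hits.append("Process spawned suspicious child process")
        else:
            hits.append("Process spawned unexpected child process")
    if child in DLL_HOSTS and any(marker in cmd for marker in USER_WRITABLE):
        hits.append("Loads dropped DLL")
    return hits


def evaluate(events):
    """Map pid -> triggered signatures, for events that trigger at least one."""
    result = {}
    for ev in events:
        hits = evaluate_event(ev)
        if hits:
            result[ev["pid"]] = hits
    return result


if __name__ == "__main__":
    for pid, hits in evaluate(SAMPLE_EVENTS).items():
        print(pid, "->", ", ".join(hits))
```

The allowlist is deliberately tiny: in most environments Office applications spawn almost nothing, so a short list of known-good children with everything else alerting gives far better coverage than trying to enumerate bad children.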

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: 8/10
behavioral1: 6/10