General
-
Target
W0rd.dll
-
Size
459KB
-
Sample
210113-85g6qzbks2
-
MD5
075ef6a3a24b3c4cfef8e89b8e0836f9
-
SHA1
f689fa2dc167400badf68c8348814fc502d3bd30
-
SHA256
ce2449b7f600b0317614419159e9364e1a76613ac0cb112c88be171638573049
-
SHA512
03f62f12b1bd4740e1d35da2e2087a47eb62477d65bd9a5794b504e5a7badbce7b3de6246e9fd38e5e1f6c9a7484841f5b0914bee39f126d42c9ea71f554319f
Malware Config
Targets
-
-
Target
W0rd.dll
-
Size
459KB
-
MD5
075ef6a3a24b3c4cfef8e89b8e0836f9
-
SHA1
f689fa2dc167400badf68c8348814fc502d3bd30
-
SHA256
ce2449b7f600b0317614419159e9364e1a76613ac0cb112c88be171638573049
-
SHA512
03f62f12b1bd4740e1d35da2e2087a47eb62477d65bd9a5794b504e5a7badbce7b3de6246e9fd38e5e1f6c9a7484841f5b0914bee39f126d42c9ea71f554319f
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Blocklisted process makes network request
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-