General
-
Target
0204_29391772538951.doc
-
Size
368KB
-
Sample
210204-n3e8cd3zqs
-
MD5
b17ecf80cb701b9c4c61986e93263a1c
-
SHA1
c309e84f6f98ba830ce6f883fa9789ac01dff1b5
-
SHA256
ca4c5022a70776118e9ff8bbf39a08c17a0af43329ff19fefc19ba782e6c3207
-
SHA512
88b1d49ef505c17bd7db74c368d75abfe0dd50392c72c3ec59782a4f4109a296a977bb158da46717e8eca6112de6c8f39bf37529531fa3917e2735dd260906b5
Malware Config
Extracted
hancitor
0402_pogi
http://feirecropl.com/8/forum.php
http://oresteseu.ru/8/forum.php
http://respoishis.ru/8/forum.php
Targets
-
-
Target
0204_29391772538951.doc
-
Size
368KB
-
MD5
b17ecf80cb701b9c4c61986e93263a1c
-
SHA1
c309e84f6f98ba830ce6f883fa9789ac01dff1b5
-
SHA256
ca4c5022a70776118e9ff8bbf39a08c17a0af43329ff19fefc19ba782e6c3207
-
SHA512
88b1d49ef505c17bd7db74c368d75abfe0dd50392c72c3ec59782a4f4109a296a977bb158da46717e8eca6112de6c8f39bf37529531fa3917e2735dd260906b5
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-