General
Target: 4840000.dll
Size: 28KB
Sample: 210211-gwk4fc8jhx
MD5: 1bcde0e0edee04c8e7f29643a28bb77a
SHA1: 55b7f441669abeea38d59ea0559659942ffdc799
SHA256: 3e3e650ca027cbea2e8ef42993a9b30512298231cbe140d29ead8c8bb54a1c53
SHA512: 91141f461a5669d1747741a8b1ff8b5012e5dffbc769b56c4c2328e72b483bc5a71d658ddbf8f9a322173e4bd775bec542cfc37749d82b4f5e80e6fe9ebebf45
Static task: static1
Behavioral task: behavioral1
Sample: 4840000.dll
Resource: win7v20201028
Malware Config
Extracted
hancitor
1102_heid89
http://nuencres.com/8/forum.php
http://matuattheires.ru/8/forum.php
http://desuctoette.ru/8/forum.php
Targets
Target: 4840000.dll
Score: 10/10
-
Blocklisted process makes network request
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.