General
Target
Hs52qascx.dll
Size
208KB
Sample
210217-kdmjmeex8e
MD5
064c55b5ed36791e7d6c2090c837dfa7
SHA1
fdfa32a3bf9c5618a786a696bacf51f6ade10d7a
SHA256
ae33958276faafa8b98ffa961fdf21983c49b25ddc1a805a09e88f721b8bcd31
SHA512
1adf8ba9d5f810d78de78398a44f12c341cf2a8bd2964b093f7b08d276cbe7f7f871ad8d55f462d5bbaeb94e0c0277072c60876ab43cff15506af37b4f850a96
Static task
static1
Behavioral task
behavioral1
Sample
Hs52qascx.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Hs52qascx.dll
Resource
win10v20201028
Malware Config
Extracted
hancitor
1702_pro23
http://hatuderefer.com/8/forum.php
http://thavelede.ru/8/forum.php
http://zinsubtal.ru/8/forum.php
Targets
Target
Hs52qascx.dll
Score
10/10
Blocklisted process makes network request
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext