hancitor | fb6012d83458227eb8b3ba682e54fa2acf3b1d61541dc288414d9e8c0e569de5 | Triage

Submit
Reports

Overview

overview

Static

static

8

0224_89330...44.doc

windows7_x64

0224_89330...44.doc

windows10_x64

Sharing

General

Target

0224_8933018407944.doc
Size

342KB
Sample

210224-hzwcksftq2
MD5

19c828daf23a690433f66c8987f36e0f
SHA1

7d066391f133d9d38d22770c0b6a9c83aa4d3299
SHA256

fb6012d83458227eb8b3ba682e54fa2acf3b1d61541dc288414d9e8c0e569de5
SHA512

ab2cde2d13634c85991bce4e61a7fa7da136b1268fc8e60b65784dfaca8d8e6d10ab870a97c84bfca7940fa3c773d6e96d0f7d44b2688c5041d243b496e99614

Score

10^/10

hancitor 2202_pro23 downloader macro macro_on_action xlm

Static task

static1

macro xlm macro_on_action

Behavioral task

behavioral1

Sample

0224_8933018407944.doc

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0224_8933018407944.doc

Resource

win10v20201028

hancitor 2202_pro23 downloader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hancitor

Botnet

2202_pro23

C2

http://aftereand.com/8/forum.php

http://nevemicies.ru/8/forum.php

http://froplivernat.ru/8/forum.php

Targets

- Target
  
  0224_8933018407944.doc
- Size
  
  342KB
- MD5
  
  19c828daf23a690433f66c8987f36e0f
- SHA1
  
  7d066391f133d9d38d22770c0b6a9c83aa4d3299
- SHA256
  
  fb6012d83458227eb8b3ba682e54fa2acf3b1d61541dc288414d9e8c0e569de5
- SHA512
  
  ab2cde2d13634c85991bce4e61a7fa7da136b1268fc8e60b65784dfaca8d8e6d10ab870a97c84bfca7940fa3c773d6e96d0f7d44b2688c5041d243b496e99614
Score

10^/10

hancitor 2202_pro23 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macroxlmmacro_on_action

behavioral1

behavioral2

hancitor2202_pro23downloader

© 2018-2024

Terms | Privacy