General
Target
Hs52qascx.dll
Size
161KB
Sample
210224-k3eqzx5qke
MD5
d23d760f8ebdce2ba34acac664a22a62
SHA1
38d8cabaeb4c9cb77e5e5ce401db1fd667a54fab
SHA256
7fef24d7062d59cd58c5ca9f07eb70461754b3ce93273ca407f3acec2840253f
SHA512
5dd68015e2a9e6e53b2e51eada68879c69cec3fbc8ca4dec49a4458f7ed4ffd36d16dbca7ec84f0b5a8444326bf1c061866fd19d69c032204cb7a0b66db84c69
Static task
static1
Behavioral task
behavioral1
Sample
Hs52qascx.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Hs52qascx.dll
Resource
win10v20201028
Malware Config
Extracted
hancitor
2202_pro23
http://aftereand.com/8/forum.php
http://nevemicies.ru/8/forum.php
http://froplivernat.ru/8/forum.php
Targets
Target
Hs52qascx.dll
Score
10/10
Blocklisted process makes network request
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext