General
Target: Static.bin
Size: 161KB
Sample: 210224-pgd1a7bt2a
MD5: db4c7bcda5020103dec0b78f9b18d8f8
SHA1: bfa243215cad48f9f698768a7b81efae9dc6628e
SHA256: e809ee9659ec59397d6b81bd7e630c921877f4d3b8fbbb19c13c12e3cf9c84f0
SHA512: df9d72d1450bfdff89ef87ee40743a817b75fba3cfcc7c4a2e13047cbfb0675df5495e2f7d0d3b747bde694de8307823ad29056b200caf0563699419f48ebac4
Static task: static1
Behavioral task: behavioral1
Sample: Static.bin.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Static.bin.dll
Resource: win10v20201028
Malware Config
Extracted
hancitor
2202_pro23
http://aftereand.com/8/forum.php
http://nevemicies.ru/8/forum.php
http://froplivernat.ru/8/forum.php
Targets
Target: Static.bin
Score: 10/10

Blocklisted process makes network request

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext