General
Target
Hs52qascx.dll
Size
351KB
Sample
210225-gfkblxrsc6
MD5
4bcf25af987fa12ed441529c4b0293b7
SHA1
6832afc831acf8cb7ab0df76ae140093a4ae961b
SHA256
5d70694b5395e40edfa8c08b7727d3ceea9de8b17b789727a9234cd4f7f44ed1
SHA512
c0da04d503f98923323400996bcf0147f6f67e3fd8bf245cfda3749cf43e31b9c74b83dbada17b84523eb6f215072a67941edb87e7803f877afa6d6f5c66ba06
Static task
static1
Behavioral task
behavioral1
Sample
Hs52qascx.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Hs52qascx.dll
Resource
win10v20201028
Malware Config
Extracted
hancitor
2502_ser3402
http://speritentz.com/8/forum.php
http://afternearde.ru/8/forum.php
http://counivicop.ru/8/forum.php
Targets
Target
Hs52qascx.dll
Score 10/10
Blocklisted process makes network request
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext