General

  • Target

    Static.dll

  • Size

    351KB

  • Sample

    210225-q4n9vjptge

  • MD5

    f83f57a080a7ae18947658684d275eb2

  • SHA1

    a61d01fb106540fabe402e0cf462b8fb52f3a2fa

  • SHA256

    4b89b68ee6d537954ea5987106f6416665bb5dc641b14861b00414e67732588f

  • SHA512

    83dacd4d8ca99fdbf547db3c49ffbe8f30563730f72af3c2d32e1599ea68a5b617fff518c4d45c99ecf0c704f4e43ee6d7d6a5b796d879aab4850b8b408e009e

Malware Config

Extracted

Family

hancitor

Botnet

2502_ser3402

C2

http://speritentz.com/8/forum.php

http://afternearde.ru/8/forum.php

http://counivicop.ru/8/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
