hancitor | e9e50934dd76164022730125fc00cbe2467afd6e234d2c4873273d4bc6acafe8 | Triage

Submit
Reports

Overview

overview

Static

static

0304_56958...81.doc

windows7_x64

0304_56958...81.doc

windows10_x64

Sharing

General

Target

0304_56958375050481.doc
Size

743KB
Sample

210304-hqjarxddbe
MD5

7ba91fe733a2b27af2c602525151305d
SHA1

0c4f2f591db5e0bd0ce580649582f818a9da5179
SHA256

e9e50934dd76164022730125fc00cbe2467afd6e234d2c4873273d4bc6acafe8
SHA512

9d524efdcb0744e3a8b3bf13b234d8e9f595354ad3d143177e2da3ad9248122d403d596e38fa5055150eecc5866257c2f90bf6fdb9309acd5c67321b480ca4aa

Score

10^/10

hancitor 0403_nores34 downloader

Static task

static1

Behavioral task

behavioral1

Sample

0304_56958375050481.doc

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0304_56958375050481.doc

Resource

win10v20201028

hancitor 0403_nores34 downloader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hancitor

Botnet

0403_nores34

C2

http://throsesspeotte.com/8/forum.php

http://imilifeesinci.ru/8/forum.php

http://publearysuc.ru/8/forum.php

Targets

- Target
  
  0304_56958375050481.doc
- Size
  
  743KB
- MD5
  
  7ba91fe733a2b27af2c602525151305d
- SHA1
  
  0c4f2f591db5e0bd0ce580649582f818a9da5179
- SHA256
  
  e9e50934dd76164022730125fc00cbe2467afd6e234d2c4873273d4bc6acafe8
- SHA512
  
  9d524efdcb0744e3a8b3bf13b234d8e9f595354ad3d143177e2da3ad9248122d403d596e38fa5055150eecc5866257c2f90bf6fdb9309acd5c67321b480ca4aa
Score

10^/10

hancitor 0403_nores34 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

hancitor0403_nores34downloader

© 2018-2024

Terms | Privacy