General

  • Target

    msals.pumpl.dll

  • Size

    226KB

  • Sample

    210311-zaxhan211s

  • MD5

    cd115ec22584c5f1e5f4743a381a657f

  • SHA1

    f91e023bcb635e3abe11d800535443bc71e73a47

  • SHA256

    d314bfc2bf3cf2cc426e3818abe0a9a64e5fa439d87f0e482fe1d0f68a2ec6a7

  • SHA512

    aedb4069b6ad159afe82c866a64f3c41c9ce0e1e3afa4812f37e74ce39c197d82d8a47db43d2857ee983463a4cc9e7f5192d89f9fc64bebc6a1867ef517e66c6

Malware Config

Extracted

Family

hancitor

Botnet

1003_1

C2

http://lationvold.com/8/forum.php

http://popubjettor.ru/8/forum.php

http://thabilemithe.ru/8/forum.php

Targets

    • Target

      msals.pumpl.dll

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.
