General
Target: Static.dll
Size: 210KB
Sample: 210318-2yghemf5b6
MD5: 5fcd9629a3bc7f926a3d8d7a514ffe83
SHA1: 55cd27de305b25e4920aaaecaf3e9ee536c27958
SHA256: e8ae373908cc7039bf2be2adb93c650bd4b9c3f4ffa72a638c9ee38e2e5e9d26
SHA512: 19736add2e41a989237961fef64d79bec35583e875f51671d86a24eb96ba8d2a69963a79937cd978798a1a3a97573602ab1dff3b2e6c2b4b7e7c2393fff4def4
Static task: static1
Behavioral task: behavioral1
Sample: Static.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Static.dll
Resource: win10v20201028
Malware Config
Extracted
hancitor
1503_kin1
http://froursmonesed.com/8/forum.php
http://abouniteta.ru/8/forum.php
http://diverbsez.ru/8/forum.php
Targets
Target: Static.dll
Score: 10/10
Blocklisted process makes network request
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext