General
Target: 121e2902c085cf41c9b9cddab5bf499da02b01f36ef999aa9aa8f7d818a884ac
Size: 717KB
Sample: 210322-4yfdq5947j
MD5: c5792ce2154c652d9102fa4982dcfce3
SHA1: 32b5eaa378aa90610b40c88b3fbdace3f21b7021
SHA256: 121e2902c085cf41c9b9cddab5bf499da02b01f36ef999aa9aa8f7d818a884ac
SHA512: b7cfd6246163a784bf94c214bd7e6bb01f458eb03e2eb7708803b2804adce83f9b8922354c2a89e38b02ef045132ff9294796348bda854c6a2fa45d7d1943f48
Static task: static1

Behavioral task: behavioral1
Sample: 121e2902c085cf41c9b9cddab5bf499da02b01f36ef999aa9aa8f7d818a884ac.doc
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 121e2902c085cf41c9b9cddab5bf499da02b01f36ef999aa9aa8f7d818a884ac.doc
Resource: win10v20201028
Malware Config
Extracted
hancitor
1503_kin1
http://froursmonesed.com/8/forum.php
http://abouniteta.ru/8/forum.php
http://diverbsez.ru/8/forum.php
Targets
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.