General
Target: msals.dll
Size: 526KB
Sample: 210324-k7vsyj9tgx
MD5: 35f5c135418acf35a56983a8a95d4aa1
SHA1: 341ca3604c3dc9b0687a06b9b840c43bf80a0aa4
SHA256: ec422ba6e146b500fd4c1972538418277a851cd7eaf38aaa2a893ad10e841faf
SHA512: ba3f938808ed2104689a169fbe9573424d6b698156ae6d21c28d7826ecdd84256826d74d7463900538cf3bf3b90103968c006ce712ccd34ceca085e98f4fc98b
Static task: static1
Behavioral task: behavioral1
Sample: msals.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: msals.dll
Resource: win10v20201028
Malware Config
Extracted
hancitor
2203_78291
http://tricilidiany.com/8/forum.php
http://intaticducalso.ru/8/forum.php
http://gloporiente.ru/8/forum.php
Targets
Target: msals.dll
Score: 10/10
Blocklisted process makes network request
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext