General

  • Target

    msals.pumpl.dll

  • Size

    349KB

  • Sample

    210330-dqvna8v8zn

  • MD5

    2562937a5544307932de1a4fd4ebcd1f

  • SHA1

    09622551955456b6f7dc2f93f1d15360451563e7

  • SHA256

    2e1d1aa97955e5a633b0a9f084db2763153ed299016fefd249b137b36a6444bc

  • SHA512

    ba6895dc3cd2c455a947da4e5fbd5a2b3913f26d68b21fc1e9bae1630f5d07d56b27de73ba0dc2bf6958bd3182364f1f5b5f788a152be4968f74497d437058cf

Malware Config

Extracted

  • Family

    hancitor

  • Botnet

    3003_verio

  • C2

    http://stionicksilid.com/8/forum.php

    http://succupenous.ru/8/forum.php

    http://cappiasstising.ru/8/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.
