General
Target: wininit.dll
Size: 617KB
Sample: 210408-t1j52kzc6j
MD5: 9b33f2c41c7458ebd406d3a9a9e25907
SHA1: 9146dd7ba53d03b51c0d5fe8057de577a7a21190
SHA256: 796cf06c724edaf7dc746a560d77ccf0ca39972849137cae8a95be13786956a3
SHA512: 7e243551bbbf3fbcbfd07b684691b045420a28a748ee74cbfd9a1aa5934bf2153f20c29a582e65a2da6d9a45515c72c7b150a520cef76daa6226364f1c853847
Static task: static1
Behavioral task: behavioral1 (Sample: wininit.dll, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: wininit.dll, Resource: win10v20201028)
Malware Config
Extracted: hancitor
0804_cifp
URLs:
- http://lerevahel.com/8/forum.php
- http://lerevahel.ru/8/forum.php
- http://metatussi.ru/8/forum.php
Targets
Target: wininit.dll
Size: 617KB
MD5: 9b33f2c41c7458ebd406d3a9a9e25907
SHA1: 9146dd7ba53d03b51c0d5fe8057de577a7a21190
SHA256: 796cf06c724edaf7dc746a560d77ccf0ca39972849137cae8a95be13786956a3
SHA512: 7e243551bbbf3fbcbfd07b684691b045420a28a748ee74cbfd9a1aa5934bf2153f20c29a582e65a2da6d9a45515c72c7b150a520cef76daa6226364f1c853847
Score: 10/10
Signatures:
- Blocklisted process makes network request
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext