General
-
Target
test.doc
-
Size
1.3MB
-
Sample
210506-lbf9dx3lse
-
MD5
693df6e9f5dc0cd3ed4c6ede503ce8bc
-
SHA1
6cf0cdcae848f850a2c6aad0ebf1329c9801036c
-
SHA256
371357b50b0b673d30e42f68d65987dd340e7eacd482c4a5fdbf0f12a2cb2bf6
-
SHA512
b1209ffd96d58da26f629e45680b67ff851dcf080039fe0fa4be0f1e056940f5c4db274f49960ef587bb06c20ee58adc37840fcea2423405277831054480174d
Malware Config
Targets
-
-
Target
test.doc
-
Size
1.3MB
-
MD5
693df6e9f5dc0cd3ed4c6ede503ce8bc
-
SHA1
6cf0cdcae848f850a2c6aad0ebf1329c9801036c
-
SHA256
371357b50b0b673d30e42f68d65987dd340e7eacd482c4a5fdbf0f12a2cb2bf6
-
SHA512
b1209ffd96d58da26f629e45680b67ff851dcf080039fe0fa4be0f1e056940f5c4db274f49960ef587bb06c20ee58adc37840fcea2423405277831054480174d
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-