General

  • Target

    0dd7c25fda4b06926ee80afb078ad9353a13a07823a12aa50c05041b550538e8.bin

  • Size

    25KB

  • Sample

    210624-ym3jedr446

  • MD5

    0222a5754d1c4eb7bce692352f9231ff

  • SHA1

    bb8ca743cb422738db767de3d77a812444fdb678

  • SHA256

    0dd7c25fda4b06926ee80afb078ad9353a13a07823a12aa50c05041b550538e8

  • SHA512

    161d89972c485847188313ef193b9bb8b186f573736078cdc66d6fa7409f4af6aaf06341936beef00cc0e90cd65eaac0481093af5e8e0a0674d3ad8e75839b42

Malware Config

Extracted

Family

hancitor

Botnet

2306_vensip

C2

http://extilivelly.com/8/forum.php

http://cludimetifte.ru/8/forum.php

http://sakincesed.ru/8/forum.php

Targets

    • Target

      0dd7c25fda4b06926ee80afb078ad9353a13a07823a12aa50c05041b550538e8.bin

    • Size

      25KB

    • MD5

      0222a5754d1c4eb7bce692352f9231ff

    • SHA1

      bb8ca743cb422738db767de3d77a812444fdb678

    • SHA256

      0dd7c25fda4b06926ee80afb078ad9353a13a07823a12aa50c05041b550538e8

    • SHA512

      161d89972c485847188313ef193b9bb8b186f573736078cdc66d6fa7409f4af6aaf06341936beef00cc0e90cd65eaac0481093af5e8e0a0674d3ad8e75839b42

    • Score

      10/10
    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks