General

  • Target

    6687482258948096.zip

  • Size

    774KB

  • Sample

    210626-pfdffzblaa

  • MD5

    5b59c68e3329ce82a546eada44ffdd10

  • SHA1

    0e5ed658cb4269825a02b86b268f00378aa3961a

  • SHA256

    b28a7366e6345dee3ab973b94b1b995be7364f65ee395b0291d6d41c837d8d0c

  • SHA512

    97be31abe9cf27e7874271d27eff874d576c139e9f1404ae6236cb2f41b8ba593ef0b05a2ffb927a563d77015adcd2ace4f3feca680f913dc02dba627b2c3d6c

Malware Config

Targets

    • Target

      b55a8aaac66e776570670f279cb26356cd07f3b8032b3433b9d605db93f584cc

    • Size

      973KB

    • MD5

      a240ab65fe550a5e864948ffe28b65e4

    • SHA1

      369d257bcbdd43c9d21d353435c0d8430c9967c2

    • SHA256

      b55a8aaac66e776570670f279cb26356cd07f3b8032b3433b9d605db93f584cc

    • SHA512

      6f378c433715817818f4e2ae9ab9b6912fc00032945648f6bf91def1dc848f659e2a76098e618b759643a196cc81b1fb20eb82d03fb145984961ed5df31d986b

    Score
    10/10
    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks