General

  • Target

    file

  • Size

    901KB

  • Sample

    210706-hcpx1nx72s

  • MD5

    94bc2648308a61ff0c80f00d485122a6

  • SHA1

    9e6709b7553cac06add285c46905cdb4e6be6210

  • SHA256

    4a68e284c206b9feb5a81d2235a338195db6982c439d088d357fdfb69630f15b

  • SHA512

    9516d587e59ac6f49030c49fe06ad1f0cedcf8e63d0523df7c6e5a2d486413ca6405192e215b732beae9ed10774c4ca342cf13dfd4f23e18bc16ef1e84e859c0

Targets

    • Target

      file

    Score
    10/10
    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
