General

  • Target

    0706_35014509110315.doc

  • Size

    901KB

  • Sample

    210706-p91t59l47x

  • MD5

    c20dc6f1340f89a35f43c110ee904124

  • SHA1

    f06b6bca9090f63e43151114b482e863cd5f5f2e

  • SHA256

    c86648f2699bfc4108c39b413374976eb7d1d1dbf8fbf275a9aa25c11ce836c4

  • SHA512

    80f573053b14d92b0db43fd285fe12eb3359d872893cc6a8f0b4b8d8770b10eeb13958691c75a49e7f93ca52a438bc7304595e0a28761c7be1a97cee3fbc6553

Malware Config

Targets

    • Target

      0706_35014509110315.doc

    • Size

      901KB

    • MD5

      c20dc6f1340f89a35f43c110ee904124

    • SHA1

      f06b6bca9090f63e43151114b482e863cd5f5f2e

    • SHA256

      c86648f2699bfc4108c39b413374976eb7d1d1dbf8fbf275a9aa25c11ce836c4

    • SHA512

      80f573053b14d92b0db43fd285fe12eb3359d872893cc6a8f0b4b8d8770b10eeb13958691c75a49e7f93ca52a438bc7304595e0a28761c7be1a97cee3fbc6553

    Score
    10/10
    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
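
The signatures above are behavioural, so it helps to see the logic behind them in code. The Python below is an added illustration, not part of the sandbox report and not the sandbox's own rules: it runs the four checks (Office parent spawning a loader or script host, a blocklisted process making a network request, an external-IP lookup against a well-known service, and a downloaded body carrying an MZ/PE header) over constructed events. The process lists, the IP-lookup host list and the event format are assumptions; the report names none of them.

```python
import struct

# Parent processes that should not normally spawn a loader or script host.
# These lists are illustrative assumptions, not the sandbox's own rule set.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SUSPICIOUS_CHILDREN = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "powershell.exe",
                       "wscript.exe", "cscript.exe", "mshta.exe"}
# Processes whose outbound network activity counts as a signature hit (assumption).
BLOCKLISTED_NETWORK_PROCESSES = {"rundll32.exe", "regsvr32.exe", "mshta.exe"}
# Public "what is my IP" services (assumption; the report does not name the one used).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.amazonaws.com", "icanhazip.com"}


def unexpected_child(parent: str, child: str) -> bool:
    """An Office parent spawning a loader/script host usually means a macro or exploit ran."""
    return parent.lower() in OFFICE_PARENTS and child.lower() in SUSPICIOUS_CHILDREN


def is_pe(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def is_ip_lookup(host: str) -> bool:
    """True if the request went to a known external-IP lookup service."""
    return host.lower() in IP_LOOKUP_HOSTS


def triage(events: list) -> list:
    """Run the behavioural checks over an event list and return the signature names that fired."""
    hits = set()
    for ev in events:
        if ev["type"] == "process":
            if unexpected_child(ev["parent"], ev["image"]):
                hits.add("Process spawned unexpected child process")
        elif ev["type"] == "http":
            if ev["process"].lower() in BLOCKLISTED_NETWORK_PROCESSES:
                hits.add("Blocklisted process makes network request")
            if is_ip_lookup(ev["host"]):
                hits.add("Looks up external IP address via web service")
            if is_pe(ev["body"]):
                hits.add("Downloads MZ/PE file")
    return sorted(hits)


# Constructed sample events (not captured from the real sample): a macro-enabled document
# runs rundll32, which checks the external IP and then fetches a PE payload.
FAKE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
SAMPLE_EVENTS = [
    {"type": "process", "parent": "winword.exe", "image": "rundll32.exe"},
    {"type": "http", "process": "rundll32.exe", "host": "api.ipify.org", "body": b"203.0.113.5"},
    {"type": "http", "process": "rundll32.exe", "host": "cdn.example.test", "body": FAKE_PE},
]

if __name__ == "__main__":
    for name in triage(SAMPLE_EVENTS):
        print("[+]", name)
```

The PE check deliberately follows e_lfanew rather than matching only the two-byte `MZ` prefix, because plenty of non-executable content begins with those bytes; a body that starts with `MZ` but has no `PE\0\0` at the pointed-to offset is not reported.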

MITRE ATT&CK Enterprise v6

Tasks