General

  • Target

    hancitor.doc

  • Size

    901KB

  • Sample

    210706-yjtwlt6hwe

  • MD5

    9a3f74a7a051a03a434247593d8ed747

  • SHA1

    58f84cb979f0f70cd91d98a254ee1c4fd0c8dcd1

  • SHA256

    b55284924181f69bf59527ac2b7a5397c35652c799c037a3e94d492d412f8c9c

  • SHA512

    42808b1938e381a8954c9641989f03f18258c70d5b5fe40ac60202cc7d55c2b854fabc1e6a84d75b4eecf882b31d5d76736b4b17b399052bf800899d4782edd0

Malware Config

Targets


    Score
    10/10
    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6
