General
Target: triage_dropped_file
Size: 291KB
Sample: 210707-458t1thzkx
MD5: 0596744a0d841da80190069d626eb899
SHA1: 2e1d746e7ea15e94b3a22c66cf1c40d8f0a931fa
SHA256: d6c7b5f170665c8efc084b4f841ea26c4bfa6f7ed9ed6cbc6712c0a0788ae3cb
SHA512: c97c4491d615b868c9eb94b4703ee52ada1e0f31d3cad357b217287a0c716125a5c246edf5182189514062d8e0228b421afdc13df462fb64676a355b7ba360af
Static task: static1
Behavioral task: behavioral1
Sample: triage_dropped_file.dll
Resource: win7v20210410
Behavioral task: behavioral2
Sample: triage_dropped_file.dll
Resource: win10v20210408
Malware Config
Extracted
hancitor
0607_qxwd0
http://hosouggs.com/8/forum.php
http://mancause.ru/8/forum.php
http://hievescits.ru/8/forum.php
Targets
Target: triage_dropped_file
Score: 10/10
Blocklisted process makes network request
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.