General

  • Target

    08.jpg.exe

  • Size

    745KB

  • Sample

    210708-53k7hr3l7n

  • MD5

    ed1921467f6784af6bdca40a06a541b5

  • SHA1

    63b70725c3298d5fa17277ec64c77a4b6fbcf697

  • SHA256

    3db14214a9eb98b3b5abffcb314c808a25ed82456ce01251d31e8ea960f6e4e6

  • SHA512

    a30779d84521049f4ceba11b0f0b16430db8a38ff38ab540585c9ae89d7214655e0c5c246e21e97ab65d8f3dc0d472ddb8bda1e01af82e632c66a2ccd159f020

Malware Config

Extracted

  • Family

    hancitor

  • Botnet

    0707in2_wvcr

  • C2

    http://sudepallon.com/8/forum.php

    http://anspossthrly.ru/8/forum.php

    http://thentabecon.ru/8/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
