hancitor | 7cf777f2e78836e511d0b7433306eb52e8a598525661ac36412ef914a9622e34 | Triage

Sharing

General

Target

7cf777f2e78836e511d0b7433306eb52e8a598525661ac36412ef914a9622e34
Size

25KB
Sample

211101-r6n7rafabl
MD5

019c4917d753016c0647f7f1effb43b6
SHA1

17871a0c80f3ec1962476f26226b268cdf94a532
SHA256

7cf777f2e78836e511d0b7433306eb52e8a598525661ac36412ef914a9622e34
SHA512

35a624855b45be749a2a950e66d3eba9bc5b5da6a18e25e8030320738bb02465bf42289b0f681ec5443ce36e536ab35229045806be1efff301408e01589f0313

Score

10^/10

hancitor 0411_2

Malware Config

Extracted

Family

hancitor

Botnet

0411_2

C2

http://dirtroadpestle.com/7/forum.php

http://rounzabout.ru/7/forum.php

http://megalodonjet.ru/7/forum.php

Targets

- Target
  
  7cf777f2e78836e511d0b7433306eb52e8a598525661ac36412ef914a9622e34
- Size
  
  25KB
- MD5
  
  019c4917d753016c0647f7f1effb43b6
- SHA1
  
  17871a0c80f3ec1962476f26226b268cdf94a532
- SHA256
  
  7cf777f2e78836e511d0b7433306eb52e8a598525661ac36412ef914a9622e34
- SHA512
  
  35a624855b45be749a2a950e66d3eba9bc5b5da6a18e25e8030320738bb02465bf42289b0f681ec5443ce36e536ab35229045806be1efff301408e01589f0313
Score

6^/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2