General
Target: e37509a2e31bf0c61750e42c8b4997647d97008fea5a5d35cc5e6142a6c2c9cb
Size: 28KB
Sample: 211101-r6rymsaba8
MD5: c5a1ef322041b6fe4e680423dcbb828b
SHA1: d903a7b75bfa71945b052f51533c13d33c6b3d62
SHA256: e37509a2e31bf0c61750e42c8b4997647d97008fea5a5d35cc5e6142a6c2c9cb
SHA512: 60a02e429fa59477d180d794c2067da0665af8baf7453d0818d49cc1b340abbcb590b0f04ae50d503d7db423bb19ccd717ce59d433fc7945259dce975866231e
Behavioral task: behavioral1
Sample: e37509a2e31bf0c61750e42c8b4997647d97008fea5a5d35cc5e6142a6c2c9cb.exe
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: e37509a2e31bf0c61750e42c8b4997647d97008fea5a5d35cc5e6142a6c2c9cb.exe
Resource: win10-en-20210920
Malware Config
Extracted
hancitor
exp_14
http://spetandserilic.com/4/forum.php
http://theithyosavele.ru/4/forum.php
http://imetionfachoul.ru/4/forum.php
Targets
Target: e37509a2e31bf0c61750e42c8b4997647d97008fea5a5d35cc5e6142a6c2c9cb
Score: 10/10
Executes dropped EXE
Deletes itself
Loads dropped DLL
Adds Run key to start application
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Drops file in System32 directory