Overview

overview

10

Static

static

gelfor.dap.dll

windows7_x64

10

gelfor.dap.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gelfor.dap

  • Size

    696KB

  • Sample

    211103-sa1rcaeae9

  • MD5

    522d9c5981133e496fb4d21ee2dc54a2

  • SHA1

    2c0f7b0ba7c561cd65f02872fcaacef14663923b

  • SHA256

    d83fbc9534957dd464cbc7cd2797d3041bd0d1a72b213b1ab7bccaec34359dbb

  • SHA512

    10d336a68bafb412970318ed64fbba1c4387c0db34462eeb580d737877174d7afcd160c7017e8bae6db103bb88f370c18af95c457d286ab89ef55e2ab2a7dd15

Score
10/10
hancitor0211_ponxwedownloader

Malware Config

Extracted

Family

hancitor

Botnet

0211_ponxwe

C2

http://mettlybothe.com/8/forum.php

http://herstrairzoj.ru/8/forum.php

http://allonsetkes.ru/8/forum.php

Targets

    • Target

      gelfor.dap

    • Size

      696KB

    • MD5

      522d9c5981133e496fb4d21ee2dc54a2

    • SHA1

      2c0f7b0ba7c561cd65f02872fcaacef14663923b

    • SHA256

      d83fbc9534957dd464cbc7cd2797d3041bd0d1a72b213b1ab7bccaec34359dbb

    • SHA512

      10d336a68bafb412970318ed64fbba1c4387c0db34462eeb580d737877174d7afcd160c7017e8bae6db103bb88f370c18af95c457d286ab89ef55e2ab2a7dd15

    Score
    10/10
    hancitor0211_ponxwedownloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks