General

  • Target

    cefe49ab523105b6c6c625280804c8f3

  • Size

    892KB

  • Sample

    211123-t8tlcsafhr

  • MD5

    cefe49ab523105b6c6c625280804c8f3

  • SHA1

    9d05646df4b2278664eef6aa1eb06a67d34daf6e

  • SHA256

    c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577

  • SHA512

    e3f366697cdcedd330beadfe7a8f5020bd335f2b08133aa983f5ba9fb1585b518b51e6d9b010ed9b3b34c61a35b6d4359f60b394a323c78f08b81196fc1a5547

Malware Config

Extracted

  • Family

    hancitor

  • Botnet

    2311_nsdir

  • C2

    http://templogio.com/9/forum.php
    http://johommeract.ru/9/forum.php
    http://amesibiquand.ru/9/forum.php

Targets

    • Target

      cefe49ab523105b6c6c625280804c8f3

    • Size

      892KB

    • MD5

      cefe49ab523105b6c6c625280804c8f3

    • SHA1

      9d05646df4b2278664eef6aa1eb06a67d34daf6e

    • SHA256

      c1c2fd46ce19afa66360c6db20edba84c460b254dc4676949bf38bdd41cdd577

    • SHA512

      e3f366697cdcedd330beadfe7a8f5020bd335f2b08133aa983f5ba9fb1585b518b51e6d9b010ed9b3b34c61a35b6d4359f60b394a323c78f08b81196fc1a5547

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks