hancitor | a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b | Triage

Submit
Reports

Overview

overview

Static

static

8

1123_23395...72.doc

windows7_x64

4

1123_23395...72.doc

windows10_x64

Sharing

General

Target

1123_2339546126972.doc
Size

893KB
Sample

211123-tdcz5adfh9
MD5

ca52b8e88308d2d3147b0721d6d72626
SHA1

e91c2de24abae6a37f6572b70685a3ce25fe821e
SHA256

a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b
SHA512

763d1205b1dcb84ffbf59f1ff61a62175a058b6c2d5994d5575ad900b195ee74a085937c6dc669ddb42a2f6a7f45f391d0e4c0b10307ec860ef52c7991f3b6b8

Score

10^/10

hancitor 2311_nsdir downloader macro macro_on_action

Static task

static1

macro macro_on_action

Behavioral task

behavioral1

Sample

1123_2339546126972.doc

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1123_2339546126972.doc

Resource

win10-en-20211104

hancitor 2311_nsdir downloader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hancitor

Botnet

2311_nsdir

C2

http://templogio.com/9/forum.php

http://johommeract.ru/9/forum.php

http://amesibiquand.ru/9/forum.php

Targets

- Target
  
  1123_2339546126972.doc
- Size
  
  893KB
- MD5
  
  ca52b8e88308d2d3147b0721d6d72626
- SHA1
  
  e91c2de24abae6a37f6572b70685a3ce25fe821e
- SHA256
  
  a2903ebc67c3549f59ecf6718444f6826030fa29f3701460b9709edbd9aa675b
- SHA512
  
  763d1205b1dcb84ffbf59f1ff61a62175a058b6c2d5994d5575ad900b195ee74a085937c6dc669ddb42a2f6a7f45f391d0e4c0b10307ec860ef52c7991f3b6b8
Score

10^/10

hancitor 2311_nsdir downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

hancitor2311_nsdirdownloader

© 2018-2025

Terms | Privacy