hancitor | 245dd0bff1c08559e5e68ea25aadbf5bc6ebef5831ec19c34d8d2021747157fe | Triage

Submit
Reports

Overview

overview

Static

static

iff.dll

windows7_x64

iff.dll

windows10_x64

Sharing

General

Target

iff.dll
Size

1.9MB
Sample

211123-tf8jtaafaq
MD5

a93f9ecb20354d450b0443b63808c5ef
SHA1

95ac8afcf79459b8670dc932b39ac752d0c0ab1d
SHA256

245dd0bff1c08559e5e68ea25aadbf5bc6ebef5831ec19c34d8d2021747157fe
SHA512

1e2b42b2ca2fda92f5104cce1a7a9a63b20694b999bd4685da44a5178b002a1f0ed47c581006437f48616224f3e03f667fdd674e687e6d56d6818979fcdc5838

Score

10^/10

hancitor 2311_nsdir downloader

Static task

static1

Behavioral task

behavioral1

Sample

iff.dll

Resource

win7-en-20211104

hancitor 2311_nsdir downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

iff.dll

Resource

win10-en-20211014

hancitor 2311_nsdir downloader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hancitor

Botnet

2311_nsdir

C2

http://templogio.com/9/forum.php

http://johommeract.ru/9/forum.php

http://amesibiquand.ru/9/forum.php

Targets

- Target
  
  iff.dll
- Size
  
  1.9MB
- MD5
  
  a93f9ecb20354d450b0443b63808c5ef
- SHA1
  
  95ac8afcf79459b8670dc932b39ac752d0c0ab1d
- SHA256
  
  245dd0bff1c08559e5e68ea25aadbf5bc6ebef5831ec19c34d8d2021747157fe
- SHA512
  
  1e2b42b2ca2fda92f5104cce1a7a9a63b20694b999bd4685da44a5178b002a1f0ed47c581006437f48616224f3e03f667fdd674e687e6d56d6818979fcdc5838
Score

10^/10

hancitor 2311_nsdir downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor2311_nsdirdownloader

behavioral2

hancitor2311_nsdirdownloader

© 2018-2025

Terms | Privacy