General

  • Target

    5e1267c7d8ba66773106314b9752b153

  • Size

    892KB

  • Sample

    211123-vgt89adhf7

  • MD5

    5e1267c7d8ba66773106314b9752b153

  • SHA1

    6e46f60fa7e0cebc36d9f9ba1ae5a0c20e776da8

  • SHA256

    1c9d20896f1c44c2dbbb6bb05979c1ec374d097b9af4d881c0c1949ddc1d821f

  • SHA512

    63217a100f5dda72947691aaede20541ccfb792eef961b845b1e6a153767f352290fd45890bfae986c9c1c19a8e783cfd4eb692bae6706aae0a0f741ae2e61bd

Malware Config

Extracted

  • Family

    hancitor

  • Botnet

    2311_nsdir

  • C2

    http://templogio.com/9/forum.php

    http://johommeract.ru/9/forum.php

    http://amesibiquand.ru/9/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks