General

  • Target

    53ca4b06b2b83d4585848d6c62b542012b8915e0747cddb398108ab68f47408e.doc

  • Size

    125KB

  • Sample

    211215-tgphbshhh8

  • MD5

    e319be556721e65ae1b39b357606c86c

  • SHA1

    2a18193495bb18700f3e71bcc911ac8b05cc724b

  • SHA256

    53ca4b06b2b83d4585848d6c62b542012b8915e0747cddb398108ab68f47408e

  • SHA512

    266ee1ed1525a0acc92f7a6de34e8f1202911b672c893c399291da42adbb30d01c1fb1a13c804caeb16ead7c5524d7bc6bfcf6b34b393f22f770524dcd0a8932

Malware Config

Extracted

Family

hancitor

Botnet

1212_pljfdi

C2

http://ybotedin.com/9/forum.php

http://joirmeraw.ru/9/forum.php

http://sibiquan.ru/9/forum.php

Targets

    • Target

      53ca4b06b2b83d4585848d6c62b542012b8915e0747cddb398108ab68f47408e.doc

    • Size

      125KB

    • MD5

      e319be556721e65ae1b39b357606c86c

    • SHA1

      2a18193495bb18700f3e71bcc911ac8b05cc724b

    • SHA256

      53ca4b06b2b83d4585848d6c62b542012b8915e0747cddb398108ab68f47408e

    • SHA512

      266ee1ed1525a0acc92f7a6de34e8f1202911b672c893c399291da42adbb30d01c1fb1a13c804caeb16ead7c5524d7bc6bfcf6b34b393f22f770524dcd0a8932

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks