Overview

overview

10

Static

static

if.dll

windows7_x64

10

if.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    if.dll

  • Size

    1.5MB

  • Sample

    220131-tcm4pshgak

  • MD5

    deef80792ae5c52d3553453d124c0457

  • SHA1

    b809c0a54e70d8d2377fc37a17d952ec98698670

  • SHA256

    ebe7a2c72e2e89732d435a7d491c9cd85f125b1584bb807f921b03dff9d16b94

  • SHA512

    61ecdee50c84792b88f8f1f65679d6141ee4b314d13bfb037c4a6af373d85ab8af6b389c813e5f158529f54321841d9540fdece77da283e876ff43202325bdfa

Score
10/10
hancitor3101_sjiuwedownloader

Malware Config

Extracted

Family

hancitor

Botnet

3101_sjiuwe

C2

http://cinenmera.com/9/forum.php

http://biquagin.ru/9/forum.php

http://joirwsin.ru/9/forum.php

Targets

    • Target

      if.dll

    • Size

      1.5MB

    • MD5

      deef80792ae5c52d3553453d124c0457

    • SHA1

      b809c0a54e70d8d2377fc37a17d952ec98698670

    • SHA256

      ebe7a2c72e2e89732d435a7d491c9cd85f125b1584bb807f921b03dff9d16b94

    • SHA512

      61ecdee50c84792b88f8f1f65679d6141ee4b314d13bfb037c4a6af373d85ab8af6b389c813e5f158529f54321841d9540fdece77da283e876ff43202325bdfa

    Score
    10/10
    hancitor3101_sjiuwedownloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks