Overview

overview

10

Static

static

12f87dd075...3b.dll

windows7_x64

10

12f87dd075...3b.dll

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12f87dd075fc12c2b6b15a1eb5ca209ba056bb6aa2feaf3518163192a17a7a3b

  • Size

    280KB

  • Sample

    220201-j57npsbdan

  • MD5

    18ed9dca690e7588a6f12f2eeab3921a

  • SHA1

    2151775b62efb39e75ee1ad883c47c60d4b3c145

  • SHA256

    12f87dd075fc12c2b6b15a1eb5ca209ba056bb6aa2feaf3518163192a17a7a3b

  • SHA512

    1c828f67ffa0c292990769ed167d8988e1708ce429e54939a0d6506a646cb16b82e7ee77678ccb64cba1c1f918203fd3643c9f8b8c1fe98c58a14e7b7203e5af

Score
10/10
hancitor1203_4893743248downloaderpersistence

Malware Config

Extracted

Family

hancitor

Botnet

1203_4893743248

C2

http://bralibuda.com/4/forum.php

http://greferezud.com/4/forum.php

http://deraelous.com/4/forum.php

Targets

    • Target

      12f87dd075fc12c2b6b15a1eb5ca209ba056bb6aa2feaf3518163192a17a7a3b

    • Size

      280KB

    • MD5

      18ed9dca690e7588a6f12f2eeab3921a

    • SHA1

      2151775b62efb39e75ee1ad883c47c60d4b3c145

    • SHA256

      12f87dd075fc12c2b6b15a1eb5ca209ba056bb6aa2feaf3518163192a17a7a3b

    • SHA512

      1c828f67ffa0c292990769ed167d8988e1708ce429e54939a0d6506a646cb16b82e7ee77678ccb64cba1c1f918203fd3643c9f8b8c1fe98c58a14e7b7203e5af

    Score
    10/10
    hancitor1203_4893743248downloaderpersistence

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Sets service image path in registry

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks