General

  • Target

    e52d446a99ecb9ca9f18365bab6f30e2cc1f6a97f668ea6ac38ce2a9b9ae3784

  • Size

    82KB

  • Sample

    220205-kpllzahhbr

  • MD5

    38739e8c8fc39b3ef8c25b996e4bfa74

  • SHA1

    d0792a6b36960254216de3217887c914df633de1

  • SHA256

    e52d446a99ecb9ca9f18365bab6f30e2cc1f6a97f668ea6ac38ce2a9b9ae3784

  • SHA512

    cad0deafcb65e39e96bb0eeb50833dc56fcc4600348950c438c23f6504470c56f1098381f1202992cce3efcc989c5091574f634166460e2783c3d9201010ce3d

Malware Config

Extracted

Family

hancitor

Botnet

0604_dl75789

C2

http://ationsopors.com/4/forum.php

http://hoagoomde.com/4/forum.php

http://ardstiobek.com/4/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families. The extracted config above (family, botnet/build id, and three C2 URLs) is the information this sample uses to check in and fetch its payloads.

    • suricata: ET MALWARE Tordal/Hancitor/Chanitor Checkin

      Emerging Threats Suricata rule that fires on Hancitor's HTTP check-in to its C2 (Tordal and Chanitor are alternative names for the same family).

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext is called on a thread in another process, a pattern used by process injection and hollowing to redirect the hijacked thread's instruction pointer to attacker-controlled code.
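The extracted config above (three C2 URLs and the botnet id) is directly actionable for detection. The following Python is an added example and is not part of the sandbox report: it scans a constructed proxy log for the check-in pattern that the Suricata alert above fires on and emits equivalent Suricata rules for the listed C2 URLs. The log line format, the api.ipify.org host (the report only says "a legitimate IP lookup service"), and the form-encoded BUILD field in the POST body are assumptions, not facts taken from this page.

```python
"""Turn the IOCs extracted from this sample into detection: scan a proxy log for the
Hancitor check-in and emit Suricata rules for the C2 URLs (added example)."""
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# IOCs copied from the extracted config above.
C2_URLS = (
    "http://ationsopors.com/4/forum.php",
    "http://hoagoomde.com/4/forum.php",
    "http://ardstiobek.com/4/forum.php",
)
BOTNET_ID = "0604_dl75789"
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
C2_PATH = urlsplit(C2_URLS[0]).path

# Assumption: the report only says "a legitimate IP lookup service"; this host is a
# placeholder chosen for the constructed log, not something the report states.
IP_LOOKUP_HOSTS = {"api.ipify.org"}

# Constructed proxy log (not from the report). Format, also made up for this example:
#   <timestamp> <client> <method> <url> <status> <bytes> [<post body>]
SAMPLE_LOG = """\
2022-02-05T10:00:01Z 10.0.0.5 GET http://api.ipify.org/ 200 14
2022-02-05T10:00:03Z 10.0.0.5 POST http://ationsopors.com/4/forum.php 200 612 GUID=3316563405&BUILD=0604_dl75789&INFO=DESKTOP-1 @ user&EXT=&IP=203.0.113.7&TYPE=1&WIN=10.0(x64)
2022-02-05T10:00:09Z 10.0.0.8 GET http://example.org/index.html 200 5120
2022-02-05T10:00:12Z 10.0.0.8 POST http://example.org/4/forum.php 200 300 topic=1
2022-02-05T10:00:15Z 10.0.0.5 POST http://hoagoomde.com/4/forum.php 200 612 GUID=3316563405&BUILD=0604_dl75789&INFO=DESKTOP-1 @ user&EXT=&IP=203.0.113.7&TYPE=1&WIN=10.0(x64)
"""


def parse_line(line: str) -> dict:
    """Split one constructed log line into fields; the body is optional and may contain spaces."""
    parts = line.split(" ", 6)
    if len(parts) < 6:
        raise ValueError(f"malformed log line: {line!r}")
    ts, client, method, url, status, nbytes = parts[:6]
    body = parts[6] if len(parts) == 7 else ""
    u = urlsplit(url)
    return {"ts": ts, "client": client, "method": method, "host": u.hostname,
            "path": u.path, "status": int(status), "bytes": int(nbytes), "body": body}


def classify(rec: dict) -> Optional[str]:
    """Label a record: confirmed check-in, C2 contact without a matching body, IP lookup, or None."""
    if rec["host"] in IP_LOOKUP_HOSTS:
        return "external-ip-lookup"
    if rec["method"] == "POST" and rec["host"] in C2_HOSTS and rec["path"] == C2_PATH:
        # Assumption: Hancitor's check-in body is form-encoded with a BUILD field carrying
        # the botnet id (documented Hancitor behaviour, not shown on this page).
        fields = parse_qs(rec["body"])
        if fields.get("BUILD") == [BOTNET_ID]:
            return "hancitor-checkin"
        return "hancitor-c2-contact"
    return None


def scan(log_text: str) -> list:
    """Return (client, verdict, host) for every line that matches an IOC."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        verdict = classify(rec)
        if verdict:
            hits.append((rec["client"], verdict, rec["host"]))
    return hits


def infected_clients(log_text: str) -> set:
    """Clients that completed a check-in, i.e. hosts to triage as Hancitor infections."""
    return {c for c, v, _ in scan(log_text) if v == "hancitor-checkin"}


def suricata_rules(sid_base: int = 9000001) -> list:
    """Emit one host+URI rule per extracted C2 URL (Suricata 5+ sticky-buffer syntax)."""
    rules = []
    for i, url in enumerate(C2_URLS):
        u = urlsplit(url)
        rules.append(
            'alert http $HOME_NET any -> $EXTERNAL_NET any ('
            f'msg:"LOCAL Hancitor C2 check-in {u.hostname}"; flow:established,to_server; '
            'http.method; content:"POST"; '
            f'http.host; content:"{u.hostname}"; '
            f'http.uri; content:"{u.path}"; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
    print("infected:", sorted(infected_clients(SAMPLE_LOG)))
    print("\n".join(suricata_rules()))
```

The host and URI are checked together on purpose: `/4/forum.php` alone is too generic (the example.org line shows the false positive), and matching the BUILD field separates a confirmed beacon from a bare contact with a C2 host, which is worth a different alert severity.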
