General
Target
e52d446a99ecb9ca9f18365bab6f30e2cc1f6a97f668ea6ac38ce2a9b9ae3784
Size
82KB
Sample
220205-kpllzahhbr
MD5
38739e8c8fc39b3ef8c25b996e4bfa74
SHA1
d0792a6b36960254216de3217887c914df633de1
SHA256
e52d446a99ecb9ca9f18365bab6f30e2cc1f6a97f668ea6ac38ce2a9b9ae3784
SHA512
cad0deafcb65e39e96bb0eeb50833dc56fcc4600348950c438c23f6504470c56f1098381f1202992cce3efcc989c5091574f634166460e2783c3d9201010ce3d
Static task
static1
Behavioral task
behavioral1
Sample
e52d446a99ecb9ca9f18365bab6f30e2cc1f6a97f668ea6ac38ce2a9b9ae3784.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
e52d446a99ecb9ca9f18365bab6f30e2cc1f6a97f668ea6ac38ce2a9b9ae3784.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
hancitor
0604_dl75789
http://ationsopors.com/4/forum.php
http://hoagoomde.com/4/forum.php
http://ardstiobek.com/4/forum.php
Targets
Target
e52d446a99ecb9ca9f18365bab6f30e2cc1f6a97f668ea6ac38ce2a9b9ae3784
Score
10/10
suricata: ET MALWARE Tordal/Hancitor/Chanitor Checkin
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext