hancitor | 8c96d5c65053baa59e62bcce2319d520c20feb87d2af5a48b39f58c940e602c9 | Triage

Submit
Reports

Overview

overview

Static

static

moexx.dll

windows7_x64

moexx.dll

windows10-2004_x64

Sharing

General

Target

moexx.bin
Size

1.2MB
Sample

220216-mj8knabeh7
MD5

d45abc73d387c5c660733ef9e9802abf
SHA1

dbe52585fb8a4a83dda437cd435e65e7f53da174
SHA256

8c96d5c65053baa59e62bcce2319d520c20feb87d2af5a48b39f58c940e602c9
SHA512

47282bd781ede4c520d4eb39160e67fc25b56921506c9fbb57c32b1fafd4cb343c80a538c1564d480fa51f03cff290cd90ff069c525bf4e7bbb7330187de57b5

Score

10^/10

hancitor 1402_dfjk23 downloader

Static task

static1

Behavioral task

behavioral1

Sample

moexx.dll

Resource

win7-en-20211208

hancitor 1402_dfjk23 downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

moexx.dll

Resource

win10v2004-en-20220113

hancitor 1402_dfjk23 downloader

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hancitor

Botnet

1402_dfjk23

C2

http://binetetakoz.com/9/forum.php

http://tatalously.ru/9/forum.php

http://veletionro.ru/9/forum.php

Targets

- Target
  
  moexx.bin
- Size
  
  1.2MB
- MD5
  
  d45abc73d387c5c660733ef9e9802abf
- SHA1
  
  dbe52585fb8a4a83dda437cd435e65e7f53da174
- SHA256
  
  8c96d5c65053baa59e62bcce2319d520c20feb87d2af5a48b39f58c940e602c9
- SHA512
  
  47282bd781ede4c520d4eb39160e67fc25b56921506c9fbb57c32b1fafd4cb343c80a538c1564d480fa51f03cff290cd90ff069c525bf4e7bbb7330187de57b5
Score

10^/10

hancitor 1402_dfjk23 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hancitor1402_dfjk23downloader

behavioral2

hancitor1402_dfjk23downloader

© 2018-2024

Terms | Privacy