Overview

overview

10

Static

static

moexx.dll

windows7_x64

10

moexx.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    moexx.bin

  • Size

    1.2MB

  • Sample

    220216-mj8knabeh7

  • MD5

    d45abc73d387c5c660733ef9e9802abf

  • SHA1

    dbe52585fb8a4a83dda437cd435e65e7f53da174

  • SHA256

    8c96d5c65053baa59e62bcce2319d520c20feb87d2af5a48b39f58c940e602c9

  • SHA512

    47282bd781ede4c520d4eb39160e67fc25b56921506c9fbb57c32b1fafd4cb343c80a538c1564d480fa51f03cff290cd90ff069c525bf4e7bbb7330187de57b5

Score
10/10
hancitor1402_dfjk23downloader

Malware Config

Extracted

Family

hancitor

Botnet

1402_dfjk23

C2

http://binetetakoz.com/9/forum.php

http://tatalously.ru/9/forum.php

http://veletionro.ru/9/forum.php

Targets

    • Target

      moexx.bin

    • Size

      1.2MB

    • MD5

      d45abc73d387c5c660733ef9e9802abf

    • SHA1

      dbe52585fb8a4a83dda437cd435e65e7f53da174

    • SHA256

      8c96d5c65053baa59e62bcce2319d520c20feb87d2af5a48b39f58c940e602c9

    • SHA512

      47282bd781ede4c520d4eb39160e67fc25b56921506c9fbb57c32b1fafd4cb343c80a538c1564d480fa51f03cff290cd90ff069c525bf4e7bbb7330187de57b5

    Score
    10/10
    hancitor1402_dfjk23downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks