General

  • Target

    e020851d5c3b66662ef70b47f23365a9d922d1b289634c4dddea047a6fd770e9

  • Size

    396KB

  • Sample

    220309-stde6ahhd9

  • MD5

    394beefcf36a6e88ba35ea5252dec78f

  • SHA1

    99810c8afc8a87603abaa4cac610cde14c9c4c10

  • SHA256

    e020851d5c3b66662ef70b47f23365a9d922d1b289634c4dddea047a6fd770e9

  • SHA512

    503ec76dd5937a9180c31caac98805def521bd3c7be1f3717f27b54a9a77436a2b170168de77f5043a4925a763fb09a25a74b4c929105acab3a56c25c272ac82

Malware Config

Extracted

Family

hancitor

Botnet

0312_89324

C2

http://bandieve.com/8/forum.php

http://decturnearrips.ru/8/forum.php

http://looduchavens.ru/8/forum.php
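The extracted config is only useful once it is turned into a detection. As an added example (not part of the sandbox report or of any Hancitor tooling), the Python below normalises the three C2 URLs listed above and scans proxy log lines for them, reporting exact host-and-path hits, listed hosts contacted on another path, and unlisted hosts serving the same /8/forum.php path (all three C2 URLs in this config share that path, so it is a useful pivot heuristic, though not a confirmed indicator on its own). The log format, client IPs and timestamps are constructed for the example.

```python
"""Match proxy log lines against the C2 URLs extracted from the Hancitor config above."""
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted config (botnet 0312_89324).
C2_URLS = [
    "http://bandieve.com/8/forum.php",
    "http://decturnearrips.ru/8/forum.php",
    "http://looduchavens.ru/8/forum.php",
]


def normalise(url):
    """Return (host, path): lowercase host, scheme/port dropped, empty path becomes '/'."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    path = parts.path or "/"
    return host, path


C2_HOSTS = {normalise(u)[0] for u in C2_URLS}
C2_PATHS = {normalise(u)[1] for u in C2_URLS}  # {'/8/forum.php'} for this config

# Constructed sample log (assumed squid-like format: "ts client method url status").
SAMPLE_LOG = """\
1646820001 10.0.0.5 GET http://www.example.com/index.html 200
1646820003 10.0.0.5 POST http://bandieve.com/8/forum.php 200
1646820004 10.0.0.7 POST HTTP://LOODUCHAVENS.RU:80/8/forum.php 200
1646820005 10.0.0.9 GET http://decturnearrips.ru/ 404
1646820006 10.0.0.9 POST http://otherhost.example/8/forum.php 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)$"
)


def classify(url):
    """'c2'   : host and path both match a listed C2 URL (high confidence)
       'host' : listed C2 host, different path (still worth an alert)
       'path' : unlisted host but the /8/forum.php path (pivot heuristic, assumed)
       None   : no match"""
    host, path = normalise(url)
    if host in C2_HOSTS and path in C2_PATHS:
        return "c2"
    if host in C2_HOSTS:
        return "host"
    if path in C2_PATHS:
        return "path"
    return None


def scan(log_text):
    """Return [(client, verdict, host)] for every log line that matches."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently miss a real hit
        verdict = classify(m["url"])
        if verdict:
            hits.append((m["client"], verdict, normalise(m["url"])[0]))
    return hits


if __name__ == "__main__":
    for client, verdict, host in scan(SAMPLE_LOG):
        print(f"{client}\t{verdict}\t{host}")
```

Matching on the normalised host and path rather than the raw string catches uppercase hosts and explicit :80 ports; the third line of the sample log exercises that. The 'path' verdict deliberately stays separate from 'c2' so the two can be routed to different alert severities.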

Targets

    • Target

      e020851d5c3b66662ef70b47f23365a9d922d1b289634c4dddea047a6fd770e9

    • Size

      396KB

    • MD5

      394beefcf36a6e88ba35ea5252dec78f

    • SHA1

      99810c8afc8a87603abaa4cac610cde14c9c4c10

    • SHA256

      e020851d5c3b66662ef70b47f23365a9d922d1b289634c4dddea047a6fd770e9

    • SHA512

      503ec76dd5937a9180c31caac98805def521bd3c7be1f3717f27b54a9a77436a2b170168de77f5043a4925a763fb09a25a74b4c929105acab3a56c25c272ac82

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
