Overview

overview

10

Static

static

5c02107df5...07.dll

windows7_x64

10

5c02107df5...07.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5c02107df5183c09261e0ce58e2ad73e68442bc3280924eb2786384a1429a007

  • Size

    396KB

  • Sample

    220309-stfwaacffk

  • MD5

    a719b7f1fb27224ae86ddaffe28604cc

  • SHA1

    03cc556ac4180bcddf189d189f2455d6b66cafee

  • SHA256

    5c02107df5183c09261e0ce58e2ad73e68442bc3280924eb2786384a1429a007

  • SHA512

    51f1a45fdf262f1d43bd8329eeea658c0fd04c57ac13d9448291d0b3198d4f226b1d00b2431b2f717c53609abe62bcd4679ca295951bbc93da9b3b1429ec78d9

Score
10/10
hancitor0312_89324downloader

Malware Config

Extracted

Family

hancitor

Botnet

0312_89324

C2

http://bandieve.com/8/forum.php

http://decturnearrips.ru/8/forum.php

http://looduchavens.ru/8/forum.php

Targets

    • Target

      5c02107df5183c09261e0ce58e2ad73e68442bc3280924eb2786384a1429a007

    • Size

      396KB

    • MD5

      a719b7f1fb27224ae86ddaffe28604cc

    • SHA1

      03cc556ac4180bcddf189d189f2455d6b66cafee

    • SHA256

      5c02107df5183c09261e0ce58e2ad73e68442bc3280924eb2786384a1429a007

    • SHA512

      51f1a45fdf262f1d43bd8329eeea658c0fd04c57ac13d9448291d0b3198d4f226b1d00b2431b2f717c53609abe62bcd4679ca295951bbc93da9b3b1429ec78d9

    Score
    10/10
    hancitor0312_89324downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks