General

  • Target

    18ee8e11fed332e1d38eaa8d6eb6549798681cc5ddc8d0709c3efcb80dc34994

  • Size

    1.7MB

  • Sample

    220315-lfggbshfd2

  • MD5

    cc4c4ed0880dc4c949d2c5b82215c1f5

  • SHA1

    8bac526732429816b185a27f276291fcacc864f4

  • SHA256

    18ee8e11fed332e1d38eaa8d6eb6549798681cc5ddc8d0709c3efcb80dc34994

  • SHA512

    662aa21aa4d046166ae747b7cbdd51b23c7ad629efa92271083ffad20e39027f48428b3095471950718cf6a14bd3b9caa6042525c74dc62a7b063c0549bd5919

Malware Config

Extracted

Family

hancitor

Botnet

1403_nerf

C2

http://ordernema.com/9/forum.php

http://roobberle.ru/9/forum.php

http://sardogradu.ru/9/forum.php

Targets

    • Target

      18ee8e11fed332e1d38eaa8d6eb6549798681cc5ddc8d0709c3efcb80dc34994

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
