hancitor | 03dbd7e7306a8bf50b6423d1df0bf259177f32380e48a147ec0e842487c0bfb6 | Triage

Submit
Reports

Overview

overview

Static

static

03dbd7e730...b6.dll

windows7_x64

8

03dbd7e730...b6.dll

windows10-2004_x64

8

Sharing

General

Target

03dbd7e7306a8bf50b6423d1df0bf259177f32380e48a147ec0e842487c0bfb6
Size

25KB
Sample

220320-yldzlsfdd6
MD5

c86d3b39a9c0f72513f4aae8327fd0e8
SHA1

8d6fd0696111777073e1e891dcf5654de89a8d21
SHA256

03dbd7e7306a8bf50b6423d1df0bf259177f32380e48a147ec0e842487c0bfb6
SHA512

987a089db0a32522a8fbd537193a08e88455646076968700c2b58edb1a6056021ee288fb17ca8402b40e71c575a0ee5f66e4803c7437d905b423762e1ca48379

Score

10^/10

hancitor 2508_bqplf

Static task

static1

2508_bqplf hancitor

Behavioral task

behavioral1

Sample

03dbd7e7306a8bf50b6423d1df0bf259177f32380e48a147ec0e842487c0bfb6.dll

Resource

win7-20220311-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

03dbd7e7306a8bf50b6423d1df0bf259177f32380e48a147ec0e842487c0bfb6.dll

Resource

win10v2004-20220310-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hancitor

Botnet

2508_bqplf

C2

http://intakinger.com/8/forum.php

http://idgentexpliet.ru/8/forum.php

http://declassivan.ru/8/forum.php

Targets

- Target
  
  03dbd7e7306a8bf50b6423d1df0bf259177f32380e48a147ec0e842487c0bfb6
- Size
  
  25KB
- MD5
  
  c86d3b39a9c0f72513f4aae8327fd0e8
- SHA1
  
  8d6fd0696111777073e1e891dcf5654de89a8d21
- SHA256
  
  03dbd7e7306a8bf50b6423d1df0bf259177f32380e48a147ec0e842487c0bfb6
- SHA512
  
  987a089db0a32522a8fbd537193a08e88455646076968700c2b58edb1a6056021ee288fb17ca8402b40e71c575a0ee5f66e4803c7437d905b423762e1ca48379
Score

8^/10
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

2508_bqplfhancitor

behavioral1

behavioral2

© 2018-2025

Terms | Privacy