Overview

overview

10

Static

static

10

ab2a474c3f...b0.dll

windows7_x64

8

ab2a474c3f...b0.dll

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0

  • Size

    20KB

  • Sample

    220320-ynnxlafdg7

  • MD5

    a2dd642315f3cc6b44241c31ec964ea3

  • SHA1

    6a2426de100f63c884a54ed12013e3094e6fe10b

  • SHA256

    ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0

  • SHA512

    843e056ea08680540f2338c2c73e71777e9b395273bb56480f121d2074f1bb7957f798c198bd1840b2fc2b74a756a6c7be621ee545e2aab3f1212f176d7f5bae

Score
10/10
hancitor2311_nsdir

Malware Config

Extracted

Family

hancitor

Botnet

2311_nsdir

C2

http://templogio.com/9/forum.php

http://johommeract.ru/9/forum.php

http://amesibiquand.ru/9/forum.php

Targets

    • Target

      ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0

    • Size

      20KB

    • MD5

      a2dd642315f3cc6b44241c31ec964ea3

    • SHA1

      6a2426de100f63c884a54ed12013e3094e6fe10b

    • SHA256

      ab2a474c3fd276095d7db5d78df356a572b1eee397ef1977facd8df214db3db0

    • SHA512

      843e056ea08680540f2338c2c73e71777e9b395273bb56480f121d2074f1bb7957f798c198bd1840b2fc2b74a756a6c7be621ee545e2aab3f1212f176d7f5bae

    Score
    8/10

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks