General

  • Target

    02258bfbe7dd5966e0fcc342277f0ce537444c62aeed9adb1b913c48b6c7f2ed

  • Size

    249KB

  • Sample

    220528-g24rjagchr

  • MD5

    a0d23bbe7cb0a091a308018a22402154

  • SHA1

    48df1bca038752508402b42cf802af43a044d008

  • SHA256

    02258bfbe7dd5966e0fcc342277f0ce537444c62aeed9adb1b913c48b6c7f2ed

  • SHA512

    deca2b3185d5f39cbaee0428fca55acf8e0c1ef73d9137ae76077259546c56d07d111e481cfcbf743783f276b3bcf9ce63149bd36c8791c5eae01265af1350b5

Malware Config

Extracted

  • Family

    hancitor

  • Botnet

    2205_674384

  • C2

    http://kingusaref.com/4/forum.php

    http://retnejustren.ru/4/forum.php

    http://tansinmaked.ru/4/forum.php

Targets

    • Target

      02258bfbe7dd5966e0fcc342277f0ce537444c62aeed9adb1b913c48b6c7f2ed

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
