hancitor | 02258bfbe7dd5966e0fcc342277f0ce537444c62aeed9adb1b913c48b6c7f2ed | Triage

Sharing

General

Target

02258bfbe7dd5966e0fcc342277f0ce537444c62aeed9adb1b913c48b6c7f2ed
Size

249KB
Sample

220528-g24rjagchr
MD5

a0d23bbe7cb0a091a308018a22402154
SHA1

48df1bca038752508402b42cf802af43a044d008
SHA256

02258bfbe7dd5966e0fcc342277f0ce537444c62aeed9adb1b913c48b6c7f2ed
SHA512

deca2b3185d5f39cbaee0428fca55acf8e0c1ef73d9137ae76077259546c56d07d111e481cfcbf743783f276b3bcf9ce63149bd36c8791c5eae01265af1350b5

Score

10^/10

hancitor 2205_674384 downloader

Malware Config

Extracted

Family

hancitor

Botnet

2205_674384

C2

http://kingusaref.com/4/forum.php

http://retnejustren.ru/4/forum.php

http://tansinmaked.ru/4/forum.php

Targets

- Target
  
  02258bfbe7dd5966e0fcc342277f0ce537444c62aeed9adb1b913c48b6c7f2ed
- Size
  
  249KB
- MD5
  
  a0d23bbe7cb0a091a308018a22402154
- SHA1
  
  48df1bca038752508402b42cf802af43a044d008
- SHA256
  
  02258bfbe7dd5966e0fcc342277f0ce537444c62aeed9adb1b913c48b6c7f2ed
- SHA512
  
  deca2b3185d5f39cbaee0428fca55acf8e0c1ef73d9137ae76077259546c56d07d111e481cfcbf743783f276b3bcf9ce63149bd36c8791c5eae01265af1350b5
Score

10^/10

hancitor 2205_674384 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor2205_674384downloader

behavioral2

hancitor2205_674384downloader