hancitor | 08fdd3e944f1e7d01f7c52abf0ef8157a730b451edf44c1b2746e1d321f75c60 | Triage

Sharing

General

Target

08fdd3e944f1e7d01f7c52abf0ef8157a730b451edf44c1b2746e1d321f75c60
Size

25KB
Sample

220530-yyb1sadegr
MD5

f6b537bbe30240c5c9442dada66abb66
SHA1

c8246c32810e12f96eddab16ad5b7be34b0bffa8
SHA256

08fdd3e944f1e7d01f7c52abf0ef8157a730b451edf44c1b2746e1d321f75c60
SHA512

13e6a0b8434744c3a8a3b79a56585862a74d2e7bb4fe0ed857fe37ecad53efe69a64bbf3d8f7a7c211fb18522677403311bcffeca763d8875037531bf0197461

Score

10^/10

hancitor 0411_2348732

Malware Config

Extracted

Family

hancitor

Botnet

0411_2348732

C2

http://froloccenatr.com/4/forum.php

http://magnowin.ru/4/forum.php

http://imajobalgun.ru/4/forum.php

Targets

- Target
  
  08fdd3e944f1e7d01f7c52abf0ef8157a730b451edf44c1b2746e1d321f75c60
- Size
  
  25KB
- MD5
  
  f6b537bbe30240c5c9442dada66abb66
- SHA1
  
  c8246c32810e12f96eddab16ad5b7be34b0bffa8
- SHA256
  
  08fdd3e944f1e7d01f7c52abf0ef8157a730b451edf44c1b2746e1d321f75c60
- SHA512
  
  13e6a0b8434744c3a8a3b79a56585862a74d2e7bb4fe0ed857fe37ecad53efe69a64bbf3d8f7a7c211fb18522677403311bcffeca763d8875037531bf0197461
Score

6^/10
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

0411_2348732hancitor

behavioral1

behavioral2