hancitor | 067d89c1270799d20eecb3b91e644a634adacb154cf2a1c186c0f58b74090f43 | Triage

Sharing

General

Target

067d89c1270799d20eecb3b91e644a634adacb154cf2a1c186c0f58b74090f43
Size

274KB
Sample

220531-gk97zsgag9
MD5

e9143086453d552f0780426acb0af541
SHA1

740d5931036fe041e77a79b204969c2e0fe059ea
SHA256

067d89c1270799d20eecb3b91e644a634adacb154cf2a1c186c0f58b74090f43
SHA512

bc497bc12b08c90ae824b09704901d90c4cf66c355a6d384c2d69d16ef9e7a36ab97c968076056e58b5771f6182d82f52e77a86d62ccc9b1086bfd2ca54fc7bc

Score

10^/10

hancitor 0210_328487 downloader

Malware Config

Extracted

Family

hancitor

Botnet

0210_328487

C2

http://spausence.com/4/forum.php

http://wortionce.ru/4/forum.php

http://knoweent.ru/4/forum.php

Targets

- Target
  
  067d89c1270799d20eecb3b91e644a634adacb154cf2a1c186c0f58b74090f43
- Size
  
  274KB
- MD5
  
  e9143086453d552f0780426acb0af541
- SHA1
  
  740d5931036fe041e77a79b204969c2e0fe059ea
- SHA256
  
  067d89c1270799d20eecb3b91e644a634adacb154cf2a1c186c0f58b74090f43
- SHA512
  
  bc497bc12b08c90ae824b09704901d90c4cf66c355a6d384c2d69d16ef9e7a36ab97c968076056e58b5771f6182d82f52e77a86d62ccc9b1086bfd2ca54fc7bc
Score

10^/10

hancitor 0210_328487 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor0210_328487downloader

behavioral2

hancitor0210_328487downloader