General
-
Target
17454b5c4de7f3404668c1bf54a691c577b9c26adf5987b7c6fa748fc1267963
-
Size
147KB
-
Sample
220608-1dxsvsacam
-
MD5
807270038736d7095ef4c134afac8054
-
SHA1
56df9dca3588f02d6d44946651bf134116e50e14
-
SHA256
17454b5c4de7f3404668c1bf54a691c577b9c26adf5987b7c6fa748fc1267963
-
SHA512
3f9e21b7076eff56735d784ddb5902274bfc6bc899a43a13ba8510e1ed00daa87ee1f867bea488f637601a829d4c424dccd039e07160014230b859731db182d7
Malware Config
Extracted
hancitor
2410_43984389
http://wickawbarrysci.com/4/forum.php
http://scangescangomu.ru/4/forum.php
http://penreleaplif.ru/4/forum.php
Targets
-
-
Target
17454b5c4de7f3404668c1bf54a691c577b9c26adf5987b7c6fa748fc1267963
-
Size
147KB
-
MD5
807270038736d7095ef4c134afac8054
-
SHA1
56df9dca3588f02d6d44946651bf134116e50e14
-
SHA256
17454b5c4de7f3404668c1bf54a691c577b9c26adf5987b7c6fa748fc1267963
-
SHA512
3f9e21b7076eff56735d784ddb5902274bfc6bc899a43a13ba8510e1ed00daa87ee1f867bea488f637601a829d4c424dccd039e07160014230b859731db182d7
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-