hancitor | 161ef8d489aa4af60893cbf531e4760fc25db74b0afa5e3056bb8a52f532824a | Triage

Submit
Reports

Overview

overview

Static

static

Tracking#1...83.vbs

windows7_x64

Tracking#1...83.vbs

windows10-2004_x64

Sharing

General

Target

161ef8d489aa4af60893cbf531e4760fc25db74b0afa5e3056bb8a52f532824a
Size

215KB
Sample

220609-fg4qcshbh6
MD5

9c2e87eb25206e1fbbba38dd05a3ff7c
SHA1

3d62bc0b14a3b3b9d4cd5d8d1d5a3d90dcb557b5
SHA256

161ef8d489aa4af60893cbf531e4760fc25db74b0afa5e3056bb8a52f532824a
SHA512

9ffa37638d66b118a1e2f0fe04848a343764102f1276a4cb797fd14766ceb70ac1aa2a598fe48d1df9ed60a3e9d2985957a8a760bc2f2e411cc8cec7f6f17b49

Score

10^/10

hancitor 1912_372823 downloader

Static task

static1

Behavioral task

behavioral1

Sample

Tracking#1912257252583.vbs

Resource

win7-20220414-en

hancitor 1912_372823 downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Tracking#1912257252583.vbs

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

hancitor

Botnet

1912_372823

C2

http://howeelyzuq.com/4/forum.php

http://thriondery.ru/4/forum.php

http://craledlopj.ru/4/forum.php

Targets

- Target
  
  Tracking#1912257252583.vbs
- Size
  
  602KB
- MD5
  
  02782c8c2739ebc98df5b5bcfb758ead
- SHA1
  
  409d28546f0589ba6f8af73c8cbb7328be717aba
- SHA256
  
  aa14013aab2ff7beea20c14c710dafde5f4bd79d8e125f63ed38e788c6e4aa18
- SHA512
  
  3907e36f23dea3337fee11696066c3f738f2c4587de39374267105c8fc8abeee6ffd761251478bab9d31bbed09d6c8c1495b4d4fb9c2cc782e0e9df542f7db9d
Score

10^/10

hancitor 1912_372823 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

hancitor1912_372823downloader

behavioral2

© 2018-2024

Terms | Privacy