General

  • Target

    14edb72021fa36f77ef8b477af70ef25bfd1dfa72331fb2f48ab09a8817f9cec

  • Size

    32KB

  • Sample

    220609-k2mpssecck

  • MD5

    3269403f22012392c84afd2893d9b2c3

  • SHA1

    dbbaa659b2df403dd029555f9cfbac1dad255723

  • SHA256

    14edb72021fa36f77ef8b477af70ef25bfd1dfa72331fb2f48ab09a8817f9cec

  • SHA512

    6a0981a9565d2e1a9ad6cc126f0e29557f2a2ee8cf48a079ab24dc38c94553f2e90851d5043cc2a9da6a6d4153327efba2a3c22552bd095521be6d7a2f66c60f

Malware Config

Extracted

Family

hancitor

Botnet

0912_1237732

C2

http://featicent.com/4/forum.php

http://whysturprom.ru/4/forum.php

http://usseleteria.ru/4/forum.php

Targets

    • Target

      14edb72021fa36f77ef8b477af70ef25bfd1dfa72331fb2f48ab09a8817f9cec

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a common process-injection step (for example, process hollowing), which is why this API call is flagged.
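
The extracted config and the "looks up external IP" signature together give a usable detection: a beacon to one of the listed hosts at the shared path /4/forum.php, or the check-in sequence (external-IP lookup, then a POST to that path from the same client) even when the host is new infrastructure. The script below is an added example written for this page, not the sandbox's or the malware's code. It assumes a constructed proxy-log format of "<epoch> <src_ip> <method> <url>", a short list of well-known IP-lookup hosts (the report does not name the service used), and a 60-second window between lookup and beacon; all sample log lines are constructed.

```python
"""Turn the extracted Hancitor config into IOCs and run them over proxy log lines."""
import re
from urllib.parse import urlsplit

# Values copied from the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "hancitor",
    "botnet": "0912_1237732",
    "c2": [
        "http://featicent.com/4/forum.php",
        "http://whysturprom.ru/4/forum.php",
        "http://usseleteria.ru/4/forum.php",
    ],
}

# Assumption: common external-IP lookup services. The report only says
# "a legitimate IP lookup service" and does not name it.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com"}

# Assumption: proxy log line "<epoch> <src_ip> <method> <url>" (constructed format).
LOG_LINE = re.compile(r"^(?P<ts>\d+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")


def config_to_iocs(cfg):
    """Split each C2 URL into its host (strong indicator) and path (weaker, but
    shared across the whole botnet's infrastructure)."""
    hosts, paths = set(), set()
    for url in cfg["c2"]:
        parts = urlsplit(url)
        hosts.add(parts.hostname.lower())
        paths.add(parts.path)
    return {"hosts": hosts, "paths": paths}


def parse_log(lines):
    """Parse log lines into events; malformed lines are skipped rather than raising."""
    events = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        parts = urlsplit(m["url"])
        events.append({
            "ts": int(m["ts"]), "src": m["src"], "method": m["method"],
            "host": (parts.hostname or "").lower(), "path": parts.path,
        })
    return events


def detect(events, iocs, window=60):
    """Return alerts for (a) any request to a listed C2 host and path, and
    (b) the check-in pattern: an external-IP lookup followed within `window`
    seconds by a POST from the same source to the C2 path on any host."""
    alerts = []
    last_lookup = {}  # src -> timestamp of the most recent IP lookup
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["host"] in IP_LOOKUP_HOSTS:
            last_lookup[ev["src"]] = ev["ts"]
            continue
        if ev["host"] in iocs["hosts"] and ev["path"] in iocs["paths"]:
            alerts.append(("c2_known_host", ev["src"], ev["host"]))
            continue
        if ev["method"] == "POST" and ev["path"] in iocs["paths"]:
            t = last_lookup.get(ev["src"])
            if t is not None and 0 <= ev["ts"] - t <= window:
                alerts.append(("c2_checkin_pattern", ev["src"], ev["host"]))
    return alerts


# Constructed sample log: one hit on a listed host, one hit on unlisted
# infrastructure via the lookup-then-POST sequence, and one benign client.
SAMPLE_LOG = [
    "1654776000 10.0.0.5 GET http://api.ipify.org/",
    "1654776012 10.0.0.5 POST http://featicent.com/4/forum.php",
    "1654776300 10.0.0.7 GET http://api.ipify.org/",
    "1654776310 10.0.0.7 POST http://newdomain.example/4/forum.php",
    "1654776400 10.0.0.9 GET http://example.org/forum.php",
    "1654777000 10.0.0.9 POST http://example.org/4/forum.php",  # no prior lookup
]


def run():
    return detect(parse_log(SAMPLE_LOG), config_to_iocs(EXTRACTED_CONFIG))


if __name__ == "__main__":
    for alert in run():
        print(*alert)
```

The path-only rule is deliberately gated on the preceding IP lookup: "/4/forum.php" on its own would match ordinary forum traffic, while the lookup-then-POST sequence from the same client is what the sandbox signatures describe. Feed real proxy logs through parse_log after adjusting LOG_LINE to your log format.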