General
-
Target
ca9ebb765d73b6379c2c037f86d2823144137a366bf79a4a974063beff45d55a
-
Size
545KB
-
Sample
220614-148caafdcr
-
MD5
97770c143d6f911ad2fb667089f3254b
-
SHA1
eb2be9136ecad2479b0f8348ce154d48f6c89d25
-
SHA256
ca9ebb765d73b6379c2c037f86d2823144137a366bf79a4a974063beff45d55a
-
SHA512
51962e2f84cb1a753268c4ff79a166d754c7d13caaa41d53e1119999a14774721fab4cd9fb05dbf99913db42c9e0b16061685b6945159892ade604821efb734a
Malware Config
Extracted
hancitor
1912_372823
http://howeelyzuq.com/4/forum.php
http://thriondery.ru/4/forum.php
http://craledlopj.ru/4/forum.php
Targets
-
-
Target
ca9ebb765d73b6379c2c037f86d2823144137a366bf79a4a974063beff45d55a
-
Size
545KB
-
MD5
97770c143d6f911ad2fb667089f3254b
-
SHA1
eb2be9136ecad2479b0f8348ce154d48f6c89d25
-
SHA256
ca9ebb765d73b6379c2c037f86d2823144137a366bf79a4a974063beff45d55a
-
SHA512
51962e2f84cb1a753268c4ff79a166d754c7d13caaa41d53e1119999a14774721fab4cd9fb05dbf99913db42c9e0b16061685b6945159892ade604821efb734a
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-