Overview

overview

10

Static

static

995cbbb422...da.exe

windows7_x64

10

995cbbb422...da.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    995cbbb422634d497d65e12454cd5832cf1b4422189d9ec06efa88ed56891cda

  • Size

    80KB

  • Sample

    220625-gsq43sggbk

  • MD5

    e409d5c467ca3ff5c7b4e4963629ee18

  • SHA1

    8ffdeebf7b41fe65b2d92eed18ddd6c39eeea2d8

  • SHA256

    995cbbb422634d497d65e12454cd5832cf1b4422189d9ec06efa88ed56891cda

  • SHA512

    d4cab9c532157c90310b1d0bce818eeca552f0de065c0e34ab3eea4a43239c5579fd96065db9995ea6bf2bfdaf3726a475b93d46bbd97fe6aeb294eed4cc2e60

Score
10/10
hancitor2901_67231downloader

Malware Config

Extracted

Family

hancitor

Botnet

2901_67231

C2

http://twereptale.com/4/forum.php

http://charovalso.ru/4/forum.php

http://verectert.ru/4/forum.php

Targets

    • Target

      995cbbb422634d497d65e12454cd5832cf1b4422189d9ec06efa88ed56891cda

    • Size

      80KB

    • MD5

      e409d5c467ca3ff5c7b4e4963629ee18

    • SHA1

      8ffdeebf7b41fe65b2d92eed18ddd6c39eeea2d8

    • SHA256

      995cbbb422634d497d65e12454cd5832cf1b4422189d9ec06efa88ed56891cda

    • SHA512

      d4cab9c532157c90310b1d0bce818eeca552f0de065c0e34ab3eea4a43239c5579fd96065db9995ea6bf2bfdaf3726a475b93d46bbd97fe6aeb294eed4cc2e60

    Score
    10/10
    hancitor2901_67231downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks