Overview

overview

10

Static

static

995cbbb422...da.exe

windows7_x64

10

995cbbb422...da.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    25-06-2022 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    995cbbb422634d497d65e12454cd5832cf1b4422189d9ec06efa88ed56891cda.exe

  • Size

    80KB

  • MD5

    e409d5c467ca3ff5c7b4e4963629ee18

  • SHA1

    8ffdeebf7b41fe65b2d92eed18ddd6c39eeea2d8

  • SHA256

    995cbbb422634d497d65e12454cd5832cf1b4422189d9ec06efa88ed56891cda

  • SHA512

    d4cab9c532157c90310b1d0bce818eeca552f0de065c0e34ab3eea4a43239c5579fd96065db9995ea6bf2bfdaf3726a475b93d46bbd97fe6aeb294eed4cc2e60

Score
10/10
hancitor2901_67231downloader

Malware Config

Extracted

Family

hancitor

Botnet

2901_67231

C2

http://twereptale.com/4/forum.php

http://charovalso.ru/4/forum.php

http://verectert.ru/4/forum.php

Signatures

  • Hancitor

    Hancitor is downloader used to deliver other malware families.

    downloaderhancitor
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\995cbbb422634d497d65e12454cd5832cf1b4422189d9ec06efa88ed56891cda.exe
    "C:\Users\Admin\AppData\Local\Temp\995cbbb422634d497d65e12454cd5832cf1b4422189d9ec06efa88ed56891cda.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1684-54-0x00000000752D1000-0x00000000752D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1684-55-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1684-56-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download