hancitor | 9059535c4c046e8292e3b7528c624af59886aeea8509f289b2a195b0fc83c559 | Triage

Sharing

General

Target

9059535c4c046e8292e3b7528c624af59886aeea8509f289b2a195b0fc83c559
Size

174KB
Sample

220625-l59t6sabb2
MD5

756dbecf943dd53febeb85b2ce28663a
SHA1

221fda0aa2748a9ef518ad568e4038ce7a466ecf
SHA256

9059535c4c046e8292e3b7528c624af59886aeea8509f289b2a195b0fc83c559
SHA512

651a5ad4a7aa001464260ad0bb9ed5504910b5c8917ea85a93860e3d08bf8e922e24f466dd28d7f4e024e4297fa925bb513f47177277ae098ff9ea826b06e991

Score

10^/10

hancitor 1811_67213 downloader

Malware Config

Extracted

Family

hancitor

Botnet

1811_67213

C2

http://elesengrity.com/4/forum.php

http://lardempotr.ru/4/forum.php

http://dethavare.ru/4/forum.php

Targets

- Target
  
  9059535c4c046e8292e3b7528c624af59886aeea8509f289b2a195b0fc83c559
- Size
  
  174KB
- MD5
  
  756dbecf943dd53febeb85b2ce28663a
- SHA1
  
  221fda0aa2748a9ef518ad568e4038ce7a466ecf
- SHA256
  
  9059535c4c046e8292e3b7528c624af59886aeea8509f289b2a195b0fc83c559
- SHA512
  
  651a5ad4a7aa001464260ad0bb9ed5504910b5c8917ea85a93860e3d08bf8e922e24f466dd28d7f4e024e4297fa925bb513f47177277ae098ff9ea826b06e991
Score

10^/10

hancitor 1811_67213 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor1811_67213downloader

behavioral2

hancitor1811_67213downloader