Overview

overview

10

Static

static

9059535c4c...59.dll

windows7_x64

10

9059535c4c...59.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9059535c4c046e8292e3b7528c624af59886aeea8509f289b2a195b0fc83c559

  • Size

    174KB

  • Sample

    220625-l59t6sabb2

  • MD5

    756dbecf943dd53febeb85b2ce28663a

  • SHA1

    221fda0aa2748a9ef518ad568e4038ce7a466ecf

  • SHA256

    9059535c4c046e8292e3b7528c624af59886aeea8509f289b2a195b0fc83c559

  • SHA512

    651a5ad4a7aa001464260ad0bb9ed5504910b5c8917ea85a93860e3d08bf8e922e24f466dd28d7f4e024e4297fa925bb513f47177277ae098ff9ea826b06e991

Score
10/10
hancitor1811_67213downloader

Malware Config

Extracted

Family

hancitor

Botnet

1811_67213

C2

http://elesengrity.com/4/forum.php

http://lardempotr.ru/4/forum.php

http://dethavare.ru/4/forum.php

Targets

    • Target

      9059535c4c046e8292e3b7528c624af59886aeea8509f289b2a195b0fc83c559

    • Size

      174KB

    • MD5

      756dbecf943dd53febeb85b2ce28663a

    • SHA1

      221fda0aa2748a9ef518ad568e4038ce7a466ecf

    • SHA256

      9059535c4c046e8292e3b7528c624af59886aeea8509f289b2a195b0fc83c559

    • SHA512

      651a5ad4a7aa001464260ad0bb9ed5504910b5c8917ea85a93860e3d08bf8e922e24f466dd28d7f4e024e4297fa925bb513f47177277ae098ff9ea826b06e991

    Score
    10/10
    hancitor1811_67213downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks