Overview

overview

10

Static

static

3f1be0bf22...fc.dll

windows7_x64

10

3f1be0bf22...fc.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc

  • Size

    146KB

  • Sample

    220701-c6ntnagfcr

  • MD5

    e74c3bdd43f79a329239e9680336dafb

  • SHA1

    8eef521c52eb819c066ae097f33ebd0dee43114a

  • SHA256

    3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc

  • SHA512

    18a62bf4678e63600a568202990d9f736e7ce46f305895bd94cde6be522a8c480762050944ec7767a39d865972a478e3a2bb31c22e9782630d99cc34c3b19564

Score
10/10
hancitor1112_783223downloader

Malware Config

Extracted

Family

hancitor

Botnet

1112_783223

C2

http://magenvire.com/4/forum.php

http://boutimsami.ru/4/forum.php

http://adinend.ru/4/forum.php

Targets

    • Target

      3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc

    • Size

      146KB

    • MD5

      e74c3bdd43f79a329239e9680336dafb

    • SHA1

      8eef521c52eb819c066ae097f33ebd0dee43114a

    • SHA256

      3f1be0bf22eb9c01ecfd1a9d8a9fbe46ce103567a3876d9c28ab8b2b21feddfc

    • SHA512

      18a62bf4678e63600a568202990d9f736e7ce46f305895bd94cde6be522a8c480762050944ec7767a39d865972a478e3a2bb31c22e9782630d99cc34c3b19564

    Score
    10/10
    hancitor1112_783223downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks