hancitor | 72ea69e2111ea6226787af8d0257f6773ed03bb47885dd3f5e86c4038dd4f96b | Triage

Submit
Reports

Overview

overview

Static

static

72ea69e211...6b.dll

windows7_x64

72ea69e211...6b.dll

windows10-2004_x64

Sharing

Static task

static1

3010_2312321 hancitor

Behavioral task

behavioral1

Sample

72ea69e2111ea6226787af8d0257f6773ed03bb47885dd3f5e86c4038dd4f96b.dll

Resource

win7-20220414-en

hancitor 3010_2312321 downloader suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

72ea69e2111ea6226787af8d0257f6773ed03bb47885dd3f5e86c4038dd4f96b.dll

Resource

win10v2004-20220414-en

hancitor 3010_2312321 downloader

windows10-2004_x64

0 signatures

0 seconds

General

Target

72ea69e2111ea6226787af8d0257f6773ed03bb47885dd3f5e86c4038dd4f96b
Size

30KB
MD5

c474f5108e6d3681049af55c62026661
SHA1

674b43ec6d8d6494c70917c2cc0478259ce8ffc1
SHA256

72ea69e2111ea6226787af8d0257f6773ed03bb47885dd3f5e86c4038dd4f96b
SHA512

205bf99637067523f3a179ab6eae6c5bd741d7bff06e54031d573ed0c1e25c5a1b6d3a47adc3f6b4341ad98426cfd839d589a031472be344e1e66916e755eec3
SSDEEP

384:dIeaEcfgChsRCppm6ba2z+uVetR7DDBuBziBH4v5S029CBYPwQgXAyWklhjDsE99:RKsRswq8lczikS02wYPwtXAshjAE99

Score

10^/10

3010_2312321 hancitor

Malware Config

Extracted

Family

hancitor

Botnet

3010_2312321

C2

http://hurampronand.com/4/forum.php

http://probominku.ru/4/forum.php

http://theintrughe.ru/4/forum.php

Signatures

Hancitor family
hancitor

Files

72ea69e2111ea6226787af8d0257f6773ed03bb47885dd3f5e86c4038dd4f96b
.dll windows x86

559d7f683356c58f04f061849901282c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
HeapAlloc
HeapFree
GetEnvironmentVariableA
lstrcatA
CreateProcessA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
GetThreadContext
SetThreadContext
ResumeThread
CloseHandle

Exports

Exports

Start
Stop

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy