hancitor | 86604666fbc6481a6be95303d14100bd65e1ea9248f6a6d1e6babec9b8de2d78 | Triage

Sharing

General

Target

86604666fbc6481a6be95303d14100bd65e1ea9248f6a6d1e6babec9b8de2d78
Size

147KB
Sample

220701-gwp17aghf2
MD5

001cb29837377a874dc8cbc0decd6021
SHA1

a17bf6c18013819271d0069ae31e9c812d89a085
SHA256

86604666fbc6481a6be95303d14100bd65e1ea9248f6a6d1e6babec9b8de2d78
SHA512

11b791c6cb33da3a51d8576b917d721ae01f896add9fee73a733ff3280ac427d8640e2fa5dfb2b4ead85693b2693efb76e52afc97d7ebc93b451edcef9edb3be

Score

10^/10

hancitor 2310_3274823 downloader

Malware Config

Extracted

Family

hancitor

Botnet

2310_3274823

C2

http://sagitecheadle.com/4/forum.php

http://durestuasben.ru/4/forum.php

http://vladiondul.ru/4/forum.php

Targets

- Target
  
  86604666fbc6481a6be95303d14100bd65e1ea9248f6a6d1e6babec9b8de2d78
- Size
  
  147KB
- MD5
  
  001cb29837377a874dc8cbc0decd6021
- SHA1
  
  a17bf6c18013819271d0069ae31e9c812d89a085
- SHA256
  
  86604666fbc6481a6be95303d14100bd65e1ea9248f6a6d1e6babec9b8de2d78
- SHA512
  
  11b791c6cb33da3a51d8576b917d721ae01f896add9fee73a733ff3280ac427d8640e2fa5dfb2b4ead85693b2693efb76e52afc97d7ebc93b451edcef9edb3be
Score

10^/10

hancitor 2310_3274823 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor2310_3274823downloader

behavioral2

hancitor2310_3274823downloader