General

  • Target

    463714fb98a2d18aaa5b6b29782822b4971034de9ea9da06708974cabcc999aa

  • Size

    96KB

  • Sample

    220707-lfgr4adad3

  • MD5

    9a69378f63c39e0f3a148dd3767fa807

  • SHA1

    85fdc5dafe3dbd3943afb07028eb183980a1f410

  • SHA256

    463714fb98a2d18aaa5b6b29782822b4971034de9ea9da06708974cabcc999aa

  • SHA512

    621f8a96096250a8c15f419e34d7645323db2ae535cb12dca1742ac72107e227b55ce1f6b06e02ae3011a21cce3e2d77a84b499c8390ec8f0bb5f488e7f34cb5

Malware Config

Extracted

Family

hancitor

Botnet

01_07_834832

C2

http://totharduron.com/4/forum.php

http://rythettinleft.ru/4/forum.php

http://sebutgurom.ru/4/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks