Analysis
- max time kernel: 149s
- max time network: 156s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 07-07-2022 09:28
Static task: static1

Behavioral task: behavioral1
- Sample: 463714fb98a2d18aaa5b6b29782822b4971034de9ea9da06708974cabcc999aa.exe
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: 463714fb98a2d18aaa5b6b29782822b4971034de9ea9da06708974cabcc999aa.exe
- Resource: win10v2004-20220414-en
General
- Target: 463714fb98a2d18aaa5b6b29782822b4971034de9ea9da06708974cabcc999aa.exe
- Size: 96KB
- MD5: 9a69378f63c39e0f3a148dd3767fa807
- SHA1: 85fdc5dafe3dbd3943afb07028eb183980a1f410
- SHA256: 463714fb98a2d18aaa5b6b29782822b4971034de9ea9da06708974cabcc999aa
- SHA512: 621f8a96096250a8c15f419e34d7645323db2ae535cb12dca1742ac72107e227b55ce1f6b06e02ae3011a21cce3e2d77a84b499c8390ec8f0bb5f488e7f34cb5
Malware Config
Extracted:
- hancitor
- 01_07_834832
- http://totharduron.com/4/forum.php
- http://rythettinleft.ru/4/forum.php
- http://sebutgurom.ru/4/forum.php
Signatures

- Hancitor
  Hancitor is a downloader used to deliver other malware families.

- Looks up external IP address via web service (1 IoC)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  Processes:
    flow | ioc
    3    | api.ipify.org

- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
    pid  | Process
    1464 | 463714fb98a2d18aaa5b6b29782822b4971034de9ea9da06708974cabcc999aa.exe
    1464 | 463714fb98a2d18aaa5b6b29782822b4971034de9ea9da06708974cabcc999aa.exe