hancitor | 920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02 | Triage

Sharing

General

Target

920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02
Size

147KB
Sample

220725-fwdgqagcbp
MD5

22aabe3eed3f6fd38b2ee4b69e5aeacb
SHA1

801356a456b59b0bd3fbcd664196e5bbab6365a1
SHA256

920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02
SHA512

6cae88e4be4d1e6e928fc09deb8d88d138d9eafca077cd29444898b62af2ca77981546c5ab61da69cb1f459dfcf9da0745fbc975e09a94efe0f097518cc84046

Score

10^/10

hancitor 2810_3264743 downloader

Malware Config

Extracted

Family

hancitor

Botnet

2810_3264743

C2

http://pubarecaz.com/4/forum.php

http://cremicies.ru/4/forum.php

http://thempotryk.ru/4/forum.php

Targets

- Target
  
  920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02
- Size
  
  147KB
- MD5
  
  22aabe3eed3f6fd38b2ee4b69e5aeacb
- SHA1
  
  801356a456b59b0bd3fbcd664196e5bbab6365a1
- SHA256
  
  920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02
- SHA512
  
  6cae88e4be4d1e6e928fc09deb8d88d138d9eafca077cd29444898b62af2ca77981546c5ab61da69cb1f459dfcf9da0745fbc975e09a94efe0f097518cc84046
Score

10^/10

hancitor 2810_3264743 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor2810_3264743downloader

behavioral2

hancitor2810_3264743downloader