General
Target
920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02
Size
147KB
Sample
220725-fwdgqagcbp
MD5
22aabe3eed3f6fd38b2ee4b69e5aeacb
SHA1
801356a456b59b0bd3fbcd664196e5bbab6365a1
SHA256
920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02
SHA512
6cae88e4be4d1e6e928fc09deb8d88d138d9eafca077cd29444898b62af2ca77981546c5ab61da69cb1f459dfcf9da0745fbc975e09a94efe0f097518cc84046
Static task
static1
Behavioral task
behavioral1
Sample
920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02.dll
Resource
win7-20220715-en
Behavioral task
behavioral2
Sample
920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02.dll
Resource
win10v2004-20220721-en
Malware Config
Extracted
hancitor
2810_3264743
http://pubarecaz.com/4/forum.php
http://cremicies.ru/4/forum.php
http://thempotryk.ru/4/forum.php
Targets
Score 10/10
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext