General

  • Target

    920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02

  • Size

    147KB

  • Sample

    220725-fwdgqagcbp

  • MD5

    22aabe3eed3f6fd38b2ee4b69e5aeacb

  • SHA1

    801356a456b59b0bd3fbcd664196e5bbab6365a1

  • SHA256

    920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02

  • SHA512

    6cae88e4be4d1e6e928fc09deb8d88d138d9eafca077cd29444898b62af2ca77981546c5ab61da69cb1f459dfcf9da0745fbc975e09a94efe0f097518cc84046

Malware Config

Extracted

Family

hancitor

Botnet

2810_3264743

C2

http://pubarecaz.com/4/forum.php

http://cremicies.ru/4/forum.php

http://thempotryk.ru/4/forum.php

Targets

    • Target

      920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02

    • Size

      147KB

    • MD5

      22aabe3eed3f6fd38b2ee4b69e5aeacb

    • SHA1

      801356a456b59b0bd3fbcd664196e5bbab6365a1

    • SHA256

      920b5a9f1288f07eabd9468d54c6b1c188a77999ec1947cd862f8bea31960b02

    • SHA512

      6cae88e4be4d1e6e928fc09deb8d88d138d9eafca077cd29444898b62af2ca77981546c5ab61da69cb1f459dfcf9da0745fbc975e09a94efe0f097518cc84046

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks