hancitor | 71b7e61a072f8a063a0ad1d3673f2694d18878788ad36808f3f0a04bb7e91464 | Triage

Submit
Reports

Overview

overview

Static

static

71b7e61a07...64.dll

windows7-x64

1

71b7e61a07...64.dll

windows10-2004-x64

3

Sharing

Static task

static1

2210_782133 hancitor

1 signatures

Behavioral task

behavioral1

Sample

71b7e61a072f8a063a0ad1d3673f2694d18878788ad36808f3f0a04bb7e91464.dll

Resource

win7-20220718-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

71b7e61a072f8a063a0ad1d3673f2694d18878788ad36808f3f0a04bb7e91464.dll

Resource

win10v2004-20220721-en

windows10-2004-x64

2 signatures

150 seconds

General

Target

71b7e61a072f8a063a0ad1d3673f2694d18878788ad36808f3f0a04bb7e91464
Size

30KB
MD5

dcc993a0e2a585873f7be805a87b18e3
SHA1

406ccacb9615bd5c2ac5d268a9f5647e170c3a22
SHA256

71b7e61a072f8a063a0ad1d3673f2694d18878788ad36808f3f0a04bb7e91464
SHA512

1e75ce1b0691ad8d2312f39265a8beef3d6fe8efb9e9903fca3867dd6774010f04d08a7571f1d042b5c2d9841b32966a634a3102651e117ffbe6f430bea3cacd
SSDEEP

768:e+KsRswq8lczikS02wYYzprhpbQacbf9:4DOMYYzGJbf

Score

10^/10

2210_782133 hancitor

Malware Config

Extracted

Family

hancitor

Botnet

2210_782133

C2

http://pansoniterger.com/4/forum.php

http://penstinteic.ru/4/forum.php

http://rmopautham.ru/4/forum.php

Signatures

Hancitor family
hancitor

Files

71b7e61a072f8a063a0ad1d3673f2694d18878788ad36808f3f0a04bb7e91464
.dll windows x86

559d7f683356c58f04f061849901282c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessHeap
HeapAlloc
HeapFree
GetEnvironmentVariableA
lstrcatA
CreateProcessA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
GetThreadContext
SetThreadContext
ResumeThread
CloseHandle

Exports

Exports

Start
Stop

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy