General

  • Target

    5c30867e49e1350f29abaf39bfc847aa7fed196c250b82125f71b7e0e06211df

  • Size

    146KB

  • Sample

    220801-ss7mlsahb7

  • MD5

    2789d8ecc091ca006e426a9db9361d7d

  • SHA1

    9c33b1d66a6000119348cf61fa774d7769449456

  • SHA256

    5c30867e49e1350f29abaf39bfc847aa7fed196c250b82125f71b7e0e06211df

  • SHA512

    a782b451ff592be6cb78af5dafbdb41d172e5f1422a5b63943dd03782d8c31c746429ddfaa61b54460effc0a14d544fae72ebb35734afa69c71634310046ff4b

Malware Config

Extracted

Family

hancitor

Botnet

1012_3278324

C2

http://lappoing.com/4/forum.php

http://theirchus.ru/4/forum.php

http://andalicur.ru/4/forum.php

Targets

    • Target

      5c30867e49e1350f29abaf39bfc847aa7fed196c250b82125f71b7e0e06211df

    • Hancitor

      Hancitor is a downloader used to deliver other malware families; the extracted configuration above gives the botnet ID and the C2 URLs it checks in to.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state, typically that of a suspended thread in a newly created process, so that it resumes at code the caller has written into it. This is the thread-hijacking step of process hollowing and similar injection loaders.
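The extracted configuration and the two behavioural signatures above give a detection engineer enough to hunt for this sample in web-proxy telemetry: match the three C2 URLs directly, and treat a POST to a numeric directory followed by forum.php shortly after an external-IP lookup as a probable Hancitor check-in. The script below is an added example, not part of the sandbox report; only the hashes and C2 URLs are taken from it. The proxy-log format, the internal host addresses, the timestamps, the list of IP-lookup domains (the report names none) and the generalised path pattern are assumptions made for the example.

```python
"""Hancitor IOC hunting over constructed proxy logs (added example).

The hashes and the three C2 URLs come from the sandbox report; everything
else (log format, hosts, timestamps, IP-lookup domains) is assumed.
"""
import hashlib
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's configuration.
C2_URLS = [
    "http://lappoing.com/4/forum.php",
    "http://theirchus.ru/4/forum.php",
    "http://andalicur.ru/4/forum.php",
]
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}

# Assumption: generalise the three extracted paths (/4/forum.php) to any
# numeric directory, so the same family on a not-yet-listed host is caught.
C2_PATH_RE = re.compile(r"^/\d+/forum\.php$")

# Hashes of the analysed sample, as reported.
SAMPLE_HASHES = {
    "md5": "2789d8ecc091ca006e426a9db9361d7d",
    "sha1": "9c33b1d66a6000119348cf61fa774d7769449456",
    "sha256": "5c30867e49e1350f29abaf39bfc847aa7fed196c250b82125f71b7e0e06211df",
}

# Assumption: the report only says "a legitimate IP lookup service".
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com"}

# Assumed log format: "<iso-timestamp> <client-ip> <method> <url> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample log: 10.0.0.5 hits two known C2s, 10.0.0.7 matches the
# path pattern right after an IP lookup, 10.0.0.9 matches the pattern alone.
SAMPLE_LOG = """\
2022-08-01T10:00:01 10.0.0.5 GET http://api.ipify.org/ 200
2022-08-01T10:00:03 10.0.0.5 POST http://lappoing.com/4/forum.php 200
2022-08-01T10:00:09 10.0.0.5 POST http://theirchus.ru/4/forum.php 200
2022-08-01T10:02:00 10.0.0.7 GET http://api.ipify.org/ 200
2022-08-01T10:02:30 10.0.0.7 POST http://example.net/7/forum.php 200
2022-08-01T11:30:00 10.0.0.9 POST http://example.org/4/forum.php 200
2022-08-01T11:31:00 10.0.0.11 GET http://example.com/ 200
"""


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    u = urlparse(rec["url"])
    rec["host"], rec["path"] = u.hostname, u.path
    return rec


def classify(rec):
    """Tag a parsed record with the indicators it matches."""
    tags = []
    if rec["host"] in C2_HOSTS:
        tags.append("known-c2")
    if rec["method"] == "POST" and C2_PATH_RE.match(rec["path"]):
        tags.append("hancitor-checkin-pattern")
    if rec["host"] in IP_LOOKUP_HOSTS:
        tags.append("external-ip-lookup")
    return tags


def find_infected_hosts(lines, window=timedelta(minutes=5)):
    """Map client IP -> [(timestamp, c2 host, reason)].

    A request to a known C2 host is reported on its own. A request that only
    matches the generalised path pattern is reported only if the same client
    performed an external-IP lookup within `window` before it, which is the
    ordering the two signatures describe and keeps lone forum.php hits out.
    """
    recs = sorted((r for r in map(parse_line, lines) if r), key=lambda r: r["ts"])
    last_lookup, hits = {}, {}
    for r in recs:
        tags = classify(r)
        if "external-ip-lookup" in tags:
            last_lookup[r["src"]] = r["ts"]
        if "known-c2" in tags:
            reason = "known-c2"
        elif "hancitor-checkin-pattern" in tags:
            t = last_lookup.get(r["src"])
            if t is None or r["ts"] - t > window:
                continue
            reason = "pattern-after-ip-lookup"
        else:
            continue
        hits.setdefault(r["src"], []).append((r["ts"].isoformat(), r["host"], reason))
    return hits


def is_known_sample(data):
    """True if `data` hashes to the reported sample (checked via SHA-256)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_HASHES["sha256"]


if __name__ == "__main__":
    for src, events in find_infected_hosts(SAMPLE_LOG.splitlines()).items():
        for ts, host, reason in events:
            print(f"{src} {ts} {host} {reason}")
```

With the constructed log, 10.0.0.5 and 10.0.0.7 are reported and 10.0.0.9 is not: a pattern-only hit without the preceding IP lookup is left for a human to triage rather than raised as an infection. Adjust `window` and `IP_LOOKUP_HOSTS` to what your environment actually sees.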

MITRE ATT&CK Matrix

Tasks