General
-
Target
a997a35a48fc1995021575fbacc996fa6e5d04dab8dc947b9c97199e3f6b84d7
-
Size
209KB
-
Sample
221108-mmqh9acba6
-
MD5
65c7d5e31a26914836027e82ac0a5476
-
SHA1
9e0d4e13740074175ae3641e61b5fe817cc06743
-
SHA256
a997a35a48fc1995021575fbacc996fa6e5d04dab8dc947b9c97199e3f6b84d7
-
SHA512
08b6d43cb62a6916025e331e4981b7291b0dcd3c2d84dee30c78c4accf11abb571f87608817443100bac13a410b8f27951ae346ce69be9183dd51762481efd30
-
SSDEEP
6144:M+KQ169l70XFtIb35tSMLsLgWG5DNfROt2ez:UQSO1++YsLiBUtP
Malware Config
Extracted
hancitor
0512_54355435
http://furnandol.com/4/forum.php
http://rashomedz.ru/4/forum.php
http://blyineveng.ru/4/forum.php
Targets
-
-
Target
4696233109873277.vbs
-
Size
870KB
-
MD5
8e73555843a4d416c21103d61f550dd0
-
SHA1
3562e225fdd65276810cfcf9d168c616179af7c7
-
SHA256
8b9ca248a7c278592ff4096afb155b605cfb60d5559173bea494961b7ff7056e
-
SHA512
d898bdd95d591efbfe965fadbb2117b7d38ab9a241ea3b91dc4da3049b55d56c741aeb1f8814efbe589ebe2db0525ce8c6aef658ea31b0530d1b73adc59b832b
-
SSDEEP
24576:96lLg+R5WZdswPhE31UTfnPItO9wBRPnkDsWhwDRVV2Omn:x
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-