hancitor | a997a35a48fc1995021575fbacc996fa6e5d04dab8dc947b9c97199e3f6b84d7 | Triage

Sharing

General

Target

a997a35a48fc1995021575fbacc996fa6e5d04dab8dc947b9c97199e3f6b84d7
Size

209KB
Sample

221108-mmqh9acba6
MD5

65c7d5e31a26914836027e82ac0a5476
SHA1

9e0d4e13740074175ae3641e61b5fe817cc06743
SHA256

a997a35a48fc1995021575fbacc996fa6e5d04dab8dc947b9c97199e3f6b84d7
SHA512

08b6d43cb62a6916025e331e4981b7291b0dcd3c2d84dee30c78c4accf11abb571f87608817443100bac13a410b8f27951ae346ce69be9183dd51762481efd30
SSDEEP

6144:M+KQ169l70XFtIb35tSMLsLgWG5DNfROt2ez:UQSO1++YsLiBUtP

Score

10^/10

hancitor 0512_54355435 downloader

Malware Config

Extracted

Family

hancitor

Botnet

0512_54355435

C2

http://furnandol.com/4/forum.php

http://rashomedz.ru/4/forum.php

http://blyineveng.ru/4/forum.php

Targets

- Target
  
  4696233109873277.vbs
- Size
  
  870KB
- MD5
  
  8e73555843a4d416c21103d61f550dd0
- SHA1
  
  3562e225fdd65276810cfcf9d168c616179af7c7
- SHA256
  
  8b9ca248a7c278592ff4096afb155b605cfb60d5559173bea494961b7ff7056e
- SHA512
  
  d898bdd95d591efbfe965fadbb2117b7d38ab9a241ea3b91dc4da3049b55d56c741aeb1f8814efbe589ebe2db0525ce8c6aef658ea31b0530d1b73adc59b832b
- SSDEEP
  
  24576:96lLg+R5WZdswPhE31UTfnPItO9wBRPnkDsWhwDRVV2Omn:x
Score

10^/10

hancitor 0512_54355435 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hancitor0512_54355435downloader

behavioral2