Overview

overview

10

Static

static

8

1b8f5b13d7...1b.doc

windows7-x64

4

1b8f5b13d7...1b.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b8f5b13d79bd9de5c10dc79514ce51b

  • Size

    1.3MB

  • Sample

    221108-nrah9sebe8

  • MD5

    1b8f5b13d79bd9de5c10dc79514ce51b

  • SHA1

    a23aeb990164016156951ab1707787122748c8e4

  • SHA256

    eba7c89f492f23bb3cc86520cdd0463be93cdde7ce12674ddb2a109bb4b2bf5c

  • SHA512

    c68026fef436aeed967d560740539417fd3e6603a9f34312bf86469947f5dc3beffae48e012958865825d73624274e39590444543f71e8a770ce4a0284d551e5

  • SSDEEP

    24576:bEIZ4wA74D4SQKxZcy8gthDWs/chYusVNVQK0U/B89:b+wJD4QZh/qKKMn70uB8

Score
10/10
hancitor2306_vensipdownloadermacromacro_on_action

Malware Config

Extracted

Family

hancitor

Botnet

2306_vensip

C2

http://extilivelly.com/8/forum.php

http://cludimetifte.ru/8/forum.php

http://sakincesed.ru/8/forum.php

Targets

    • Target

      1b8f5b13d79bd9de5c10dc79514ce51b

    • Size

      1.3MB

    • MD5

      1b8f5b13d79bd9de5c10dc79514ce51b

    • SHA1

      a23aeb990164016156951ab1707787122748c8e4

    • SHA256

      eba7c89f492f23bb3cc86520cdd0463be93cdde7ce12674ddb2a109bb4b2bf5c

    • SHA512

      c68026fef436aeed967d560740539417fd3e6603a9f34312bf86469947f5dc3beffae48e012958865825d73624274e39590444543f71e8a770ce4a0284d551e5

    • SSDEEP

      24576:bEIZ4wA74D4SQKxZcy8gthDWs/chYusVNVQK0U/B89:b+wJD4QZh/qKKMn70uB8

    Score
    10/10
    hancitor2306_vensipdownloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks