Overview

overview

10

Static

static

8

abfdc758c2...ac.doc

windows7-x64

4

abfdc758c2...ac.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    abfdc758c2f28a670d7474448d45dcac

  • Size

    1.3MB

  • Sample

    221108-nrj3psgagp

  • MD5

    abfdc758c2f28a670d7474448d45dcac

  • SHA1

    0b18454885918bcda8403bd8a95ae6a04aa1f992

  • SHA256

    ea578abc194c0cdd7cff923d0e935fe3cf462c70011cef72126a40ac632a18ac

  • SHA512

    82402cafbd5f0443fdf68614feee830ba846cd0f7d46185ae68abc03e58155c8d0a0080e64ae6aa868d74865bff8bd9685fda6f6f957ae827d997a22d81086f0

  • SSDEEP

    24576:fEIZ4wA74D4SQKxZcy8gthDWl/chYusVNVQK0U/p8C:f+wJD4QZh/qdKMn70up8

Score
10/10
hancitor2306_vensipdownloadermacromacro_on_action

Malware Config

Extracted

Family

hancitor

Botnet

2306_vensip

C2

http://extilivelly.com/8/forum.php

http://cludimetifte.ru/8/forum.php

http://sakincesed.ru/8/forum.php

Targets

    • Target

      abfdc758c2f28a670d7474448d45dcac

    • Size

      1.3MB

    • MD5

      abfdc758c2f28a670d7474448d45dcac

    • SHA1

      0b18454885918bcda8403bd8a95ae6a04aa1f992

    • SHA256

      ea578abc194c0cdd7cff923d0e935fe3cf462c70011cef72126a40ac632a18ac

    • SHA512

      82402cafbd5f0443fdf68614feee830ba846cd0f7d46185ae68abc03e58155c8d0a0080e64ae6aa868d74865bff8bd9685fda6f6f957ae827d997a22d81086f0

    • SSDEEP

      24576:fEIZ4wA74D4SQKxZcy8gthDWl/chYusVNVQK0U/p8C:f+wJD4QZh/qdKMn70up8

    Score
    10/10
    hancitor2306_vensipdownloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks