Overview

overview

10

Static

static

8

c054b53fb5...6c.doc

windows7-x64

4

c054b53fb5...6c.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c054b53fb51e6e7b49769d79f4e7ef6c

  • Size

    1.3MB

  • Sample

    221108-nrnqwsgahk

  • MD5

    c054b53fb51e6e7b49769d79f4e7ef6c

  • SHA1

    10d9152380fd82ac7eca98f50b675ae37b35cb1c

  • SHA256

    028cbc9522520565847ec9e384257be5be6fc4fb8dc06c48dec5b8a19e1bec70

  • SHA512

    f0b13e9400de56ebbb647a0086902c81a49f0869cbc7c2a740119bf0d26d763e485b9a06f6ead6a298c7f9ad203ca7ede6c62274949cd361024ee73e284f8e3e

  • SSDEEP

    24576:IEIZ4wA74D4SQKxZcy8gthDWf/chYusVNVQK0U/U8A:I+wJD4QZh/qXKMn70uU8

Score
10/10
hancitor2306_vensipdownloadermacromacro_on_action

Malware Config

Extracted

Family

hancitor

Botnet

2306_vensip

C2

http://extilivelly.com/8/forum.php

http://cludimetifte.ru/8/forum.php

http://sakincesed.ru/8/forum.php

Targets

    • Target

      c054b53fb51e6e7b49769d79f4e7ef6c

    • Size

      1.3MB

    • MD5

      c054b53fb51e6e7b49769d79f4e7ef6c

    • SHA1

      10d9152380fd82ac7eca98f50b675ae37b35cb1c

    • SHA256

      028cbc9522520565847ec9e384257be5be6fc4fb8dc06c48dec5b8a19e1bec70

    • SHA512

      f0b13e9400de56ebbb647a0086902c81a49f0869cbc7c2a740119bf0d26d763e485b9a06f6ead6a298c7f9ad203ca7ede6c62274949cd361024ee73e284f8e3e

    • SSDEEP

      24576:IEIZ4wA74D4SQKxZcy8gthDWf/chYusVNVQK0U/U8A:I+wJD4QZh/qXKMn70uU8

    Score
    10/10
    hancitor2306_vensipdownloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks