General

  • Target

    99c4b9083ed613bc38904eec3e37d24d3ca092067ee54e373cc3c8d6339857a6.zip

  • Size

    143KB

  • Sample

    221114-lqlh2abf5x

  • MD5

    55435d557764a612f2cd41566e6e771a

  • SHA1

    7a720ffcdcc94d40a0c101c0f4b0e674ed9e7907

  • SHA256

    6f200f4221984afde1d4e6d53ed639bdf321624445551fb33a60ee60635f9a76

  • SHA512

    0b93f5b478427625e67d5e9c3ead7ce2f718e5a3ea1cb72b2e6417709a64eea8941532897b94547920f1b3b81e02b528f80a574a61bbab41540ba7b8028e7118

  • SSDEEP

    3072:sS0MZ1E6O5x+ju4Dj4gRUUxgDRQANzwI6VQxKX1e12PdEeuJiP:ssjEvXuZ2EgDFNAVQxKX01ha

Malware Config

Extracted

Family

hancitor

Botnet

1907_hjfsd

C2

http://thervidolown.com/8/forum.php

http://wiltuslads.ru/8/forum.php

http://anithedtatione.ru/8/forum.php

Targets

    • Target

      99c4b9083ed613bc38904eec3e37d24d3ca092067ee54e373cc3c8d6339857a6.dll

    • Size

      244KB

    • MD5

      24190cd699631d16521dfb588b2571a3

    • SHA1

      546a86929e82babd0ee6f970d7729e3bf6a14698

    • SHA256

      99c4b9083ed613bc38904eec3e37d24d3ca092067ee54e373cc3c8d6339857a6

    • SHA512

      fd3123ababc536c2530785d52b3323c1250da0d41e18574ee2877013c6ac033f08157e1221cb3b01d971a3e214eba19bbcc4d29b3ea482cc52b433ecb6eacb21

    • SSDEEP

      3072:NaB6VAs0MHXGRjH4a/aULqLJKy7ZzUTTzhKseYjgWK/WKLPJ+OY65D:NU6ZXshyfJKy9QDh7+hYi

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks