hancitor | 2cdd5e60874d08bf36ce02a8b34962fc3ffeb2276335f66d879c537f28a6a3ca | Triage

Sharing

General

Target

2cdd5e60874d08bf36ce02a8b34962fc3ffeb2276335f66d879c537f28a6a3ca
Size

448KB
Sample

221125-kjmbbahe5s
MD5

693a2ef2503f46a753b22ff8d9441088
SHA1

36bf602290abeb2e0102127e3c741bfbcc5f22fb
SHA256

2cdd5e60874d08bf36ce02a8b34962fc3ffeb2276335f66d879c537f28a6a3ca
SHA512

f04bed19a99dcdf13fd760f9fbb3aa106590151b502ad7a73c38b40efd9c392da17d35f6b0e118209def0487e04aa42ac3be949e5e607abf28ea5bb29687549c
SSDEEP

6144:RAbYRoaL2WD2IAjoArVSqGXbInSoTlpSDSOlBjmZzE9/ZLlgr81BDkSzuvkXl:qYRoa3D2IAYXcnSoJOv6zYur8D3zHV

Score

10^/10

hancitor 1002_280302 downloader

Malware Config

Extracted

Family

hancitor

Botnet

1002_280302

C2

http://shifiticans.com/8/forum.php

http://anumessensan.ru/8/forum.php

http://grectedparices.ru/8/forum.php

Targets

- Target
  
  2cdd5e60874d08bf36ce02a8b34962fc3ffeb2276335f66d879c537f28a6a3ca
- Size
  
  448KB
- MD5
  
  693a2ef2503f46a753b22ff8d9441088
- SHA1
  
  36bf602290abeb2e0102127e3c741bfbcc5f22fb
- SHA256
  
  2cdd5e60874d08bf36ce02a8b34962fc3ffeb2276335f66d879c537f28a6a3ca
- SHA512
  
  f04bed19a99dcdf13fd760f9fbb3aa106590151b502ad7a73c38b40efd9c392da17d35f6b0e118209def0487e04aa42ac3be949e5e607abf28ea5bb29687549c
- SSDEEP
  
  6144:RAbYRoaL2WD2IAjoArVSqGXbInSoTlpSDSOlBjmZzE9/ZLlgr81BDkSzuvkXl:qYRoa3D2IAYXcnSoJOv6zYur8D3zHV
Score

10^/10

hancitor 1002_280302 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor1002_280302downloader

behavioral2

hancitor1002_280302downloader