General

  • Target

    2cdd5e60874d08bf36ce02a8b34962fc3ffeb2276335f66d879c537f28a6a3ca

  • Size

    448KB

  • Sample

    221125-kjmbbahe5s

  • MD5

    693a2ef2503f46a753b22ff8d9441088

  • SHA1

    36bf602290abeb2e0102127e3c741bfbcc5f22fb

  • SHA256

    2cdd5e60874d08bf36ce02a8b34962fc3ffeb2276335f66d879c537f28a6a3ca

  • SHA512

    f04bed19a99dcdf13fd760f9fbb3aa106590151b502ad7a73c38b40efd9c392da17d35f6b0e118209def0487e04aa42ac3be949e5e607abf28ea5bb29687549c

  • SSDEEP

    6144:RAbYRoaL2WD2IAjoArVSqGXbInSoTlpSDSOlBjmZzE9/ZLlgr81BDkSzuvkXl:qYRoa3D2IAYXcnSoJOv6zYur8D3zHV

Malware Config

Extracted

Family

hancitor

Botnet

1002_280302

C2

http://shifiticans.com/8/forum.php

http://anumessensan.ru/8/forum.php

http://grectedparices.ru/8/forum.php

Targets

    • Target

      2cdd5e60874d08bf36ce02a8b34962fc3ffeb2276335f66d879c537f28a6a3ca

    • Size

      448KB

    • MD5

      693a2ef2503f46a753b22ff8d9441088

    • SHA1

      36bf602290abeb2e0102127e3c741bfbcc5f22fb

    • SHA256

      2cdd5e60874d08bf36ce02a8b34962fc3ffeb2276335f66d879c537f28a6a3ca

    • SHA512

      f04bed19a99dcdf13fd760f9fbb3aa106590151b502ad7a73c38b40efd9c392da17d35f6b0e118209def0487e04aa42ac3be949e5e607abf28ea5bb29687549c

    • SSDEEP

      6144:RAbYRoaL2WD2IAjoArVSqGXbInSoTlpSDSOlBjmZzE9/ZLlgr81BDkSzuvkXl:qYRoa3D2IAYXcnSoJOv6zYur8D3zHV

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks