hancitor | 8e69a8a341fe5e6cd33cc988a587f4fd7bb9d3a774de2f818ec3f96ab916f455 | Triage

Sharing

General

Target

8e69a8a341fe5e6cd33cc988a587f4fd7bb9d3a774de2f818ec3f96ab916f455
Size

208KB
Sample

221130-sy9n6ace47
MD5

12acc6ef2281ea82c77dc610db32c739
SHA1

8f1fe8dea7c06dca48612ebc5805f05d3d51d582
SHA256

8e69a8a341fe5e6cd33cc988a587f4fd7bb9d3a774de2f818ec3f96ab916f455
SHA512

e33d7d4a8d42713fa7158d681ff683d98af9d4910936b0497261fa5489ae130bd9314e99cb40e43f02132465da7c90ab48c7690e97531310797b0500b34bba77
SSDEEP

6144:fWiT6BtfdcAXdK7Mp4Ik29CesuqVfDcT56BfL:fv6BxdcD7MpBJC/uqVuQp

Score

10^/10

hancitor 1702_pro23 downloader

Malware Config

Extracted

Family

hancitor

Botnet

1702_pro23

C2

http://hatuderefer.com/8/forum.php

http://thavelede.ru/8/forum.php

http://zinsubtal.ru/8/forum.php

Targets

- Target
  
  8e69a8a341fe5e6cd33cc988a587f4fd7bb9d3a774de2f818ec3f96ab916f455
- Size
  
  208KB
- MD5
  
  12acc6ef2281ea82c77dc610db32c739
- SHA1
  
  8f1fe8dea7c06dca48612ebc5805f05d3d51d582
- SHA256
  
  8e69a8a341fe5e6cd33cc988a587f4fd7bb9d3a774de2f818ec3f96ab916f455
- SHA512
  
  e33d7d4a8d42713fa7158d681ff683d98af9d4910936b0497261fa5489ae130bd9314e99cb40e43f02132465da7c90ab48c7690e97531310797b0500b34bba77
- SSDEEP
  
  6144:fWiT6BtfdcAXdK7Mp4Ik29CesuqVfDcT56BfL:fv6BxdcD7MpBJC/uqVuQp
Score

10^/10

hancitor 1702_pro23 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor1702_pro23downloader

behavioral2

hancitor1702_pro23downloader