General

  • Target

    d46b06c4e54b291c1c069192522d253520f16ea2c0665662257f88c632b1bb34

  • Size

    208KB

  • Sample

    221130-wy8cwagb5x

  • MD5

    93d7b8618b69d64f00b175fa3b83c8a7

  • SHA1

    de4a66a1416c29eb0dc199f7103affe0cd6e2931

  • SHA256

    d46b06c4e54b291c1c069192522d253520f16ea2c0665662257f88c632b1bb34

  • SHA512

    bbc9a2f803caa063676a3a30b37bd5ec62ad2c628f5e4cd9a8d44a4e4dd0aceb2c389ae4b06da6b7a6406a9a9b1cdeca11b921dc34198c37d0bfee3ff3085b75

  • SSDEEP

    6144:+WiT6BtfdcAXdK7Mp4Ik29CesuqVfDcT56BfL:+v6BxdcD7MpBJC/uqVuQp

Malware Config

Extracted

Family

hancitor

Botnet

1702_pro23

C2

http://hatuderefer.com/8/forum.php

http://thavelede.ru/8/forum.php

http://zinsubtal.ru/8/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
