hancitor | 5e33970559c4dc766fcc0236c53b04af48ed3f7e4c8d03467e5d2ddae082f423 | Triage

Sharing

General

Target

5e33970559c4dc766fcc0236c53b04af48ed3f7e4c8d03467e5d2ddae082f423
Size

389KB
Sample

230129-trkbcsdd64
MD5

f681b4a16bed5f6269aee217c6cd1222
SHA1

1d6ebeb45311492380202ea0f1bb9c3cb6bd9880
SHA256

5e33970559c4dc766fcc0236c53b04af48ed3f7e4c8d03467e5d2ddae082f423
SHA512

f0543be85146c34312f8014030a83aa00f82e55a63a09d7d55ad2310ade7030f188dfca4ce0b66cc5c636e6d55dcf46673ca71e3900ef79a1ae3964a4c8c4a6f
SSDEEP

12288:V17lp2D7gWtUSvuWZJf34myr2H/BRGbmaROU:VVSsEf38risLR

Score

10^/10

hancitor 2502_ser3402 downloader

Malware Config

Extracted

Family

hancitor

Botnet

2502_ser3402

C2

http://speritentz.com/8/forum.php

http://afternearde.ru/8/forum.php

http://counivicop.ru/8/forum.php

Targets

- Target
  
  5e33970559c4dc766fcc0236c53b04af48ed3f7e4c8d03467e5d2ddae082f423
- Size
  
  389KB
- MD5
  
  f681b4a16bed5f6269aee217c6cd1222
- SHA1
  
  1d6ebeb45311492380202ea0f1bb9c3cb6bd9880
- SHA256
  
  5e33970559c4dc766fcc0236c53b04af48ed3f7e4c8d03467e5d2ddae082f423
- SHA512
  
  f0543be85146c34312f8014030a83aa00f82e55a63a09d7d55ad2310ade7030f188dfca4ce0b66cc5c636e6d55dcf46673ca71e3900ef79a1ae3964a4c8c4a6f
- SSDEEP
  
  12288:V17lp2D7gWtUSvuWZJf34myr2H/BRGbmaROU:VVSsEf38risLR
Score

10^/10

hancitor 2502_ser3402 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor2502_ser3402downloader

behavioral2

hancitor2502_ser3402downloader