General

  • Target

    27dcd980511896334e5ac199b42ffb9a2391c2a696652da5bbd2bd7913b7beb8

  • Size

    389KB

  • Sample

    230129-trkxwseg71

  • MD5

    aa57bf47faa19fd0de5cdfd103a41e7d

  • SHA1

    5a70c151a194f6e47147f6eca903b5940772c818

  • SHA256

    27dcd980511896334e5ac199b42ffb9a2391c2a696652da5bbd2bd7913b7beb8

  • SHA512

    6a67972fed76e52e0326d97d6fce6f113d4c57eb99f6b493ffdb054fe012037c9ea8966662104b0ec0ea7f771a39f442ba6802cc1dd14867de1c76d71d888da5

  • SSDEEP

    12288:V17lp2D7gWtUSvuWZJ634myr2H/BRGbmaROV:VVSsE638risLR

Malware Config

Extracted

Family

hancitor

Botnet

2502_ser3402

C2

http://speritentz.com/8/forum.php

http://afternearde.ru/8/forum.php

http://counivicop.ru/8/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks