hancitor | 468200d4d207a7cc1df245b9670fcf9e3c491dd344643cd7edcf8a82f2cde214 | Triage

Sharing

General

Target

468200d4d207a7cc1df245b9670fcf9e3c491dd344643cd7edcf8a82f2cde214
Size

284KB
Sample

230129-wac7tshc3w
MD5

f5f6cbbf839edd829468ad270ac44291
SHA1

66ebda2b8a25c68afddd76aed014ff6ec6e35b77
SHA256

468200d4d207a7cc1df245b9670fcf9e3c491dd344643cd7edcf8a82f2cde214
SHA512

4caecb5e61886460c581d0bbaac239b8cf534b80c4673d18c992c5b1a207e1815b23e38772f4a4871c65e2abecb60ad5cbe4970779268248e528f96bf01de10e
SSDEEP

3072:kVTJvxFMSfYClaK1r/uTwTJOJp8TDNYFh9:6nFrY88ElCy/639

Score

10^/10

hancitor 11hjd03 downloader

Malware Config

Extracted

Family

hancitor

Botnet

11hjd03

C2

http://etsofevenghen.com/4/forum.php

http://hincasupheck.ru/4/forum.php

http://seromratbo.ru/4/forum.php

Targets

- Target
  
  468200d4d207a7cc1df245b9670fcf9e3c491dd344643cd7edcf8a82f2cde214
- Size
  
  284KB
- MD5
  
  f5f6cbbf839edd829468ad270ac44291
- SHA1
  
  66ebda2b8a25c68afddd76aed014ff6ec6e35b77
- SHA256
  
  468200d4d207a7cc1df245b9670fcf9e3c491dd344643cd7edcf8a82f2cde214
- SHA512
  
  4caecb5e61886460c581d0bbaac239b8cf534b80c4673d18c992c5b1a207e1815b23e38772f4a4871c65e2abecb60ad5cbe4970779268248e528f96bf01de10e
- SSDEEP
  
  3072:kVTJvxFMSfYClaK1r/uTwTJOJp8TDNYFh9:6nFrY88ElCy/639
Score

10^/10

hancitor 11hjd03 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor11hjd03downloader

behavioral2

hancitor11hjd03downloader