Overview

overview

10

Static

static

5e42ff5404...29.exe

windows7-x64

10

5e42ff5404...29.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5e42ff5404aa8632852afeab9a95187be2bc8a44c37766efa2643b8f3a0bf929

  • Size

    96KB

  • Sample

    230129-wacw3ahc3v

  • MD5

    ce7568e54dad53a245b51ed5cb375c7f

  • SHA1

    74a1d9948fa28b4d24a332a0eb4d2a4709fdd6aa

  • SHA256

    5e42ff5404aa8632852afeab9a95187be2bc8a44c37766efa2643b8f3a0bf929

  • SHA512

    876792c021c2c886f3a7fd02f0616e3c65736ecac3eb47da4cf18ca42404f0f0f34632c9e6184ebf65c4b78906fbf3772bdddf2f6e7486517e7e817a944302db

  • SSDEEP

    1536:JaIrL2TjvdiNB4KnrtJFNKl1fFhSwGOuyrJ9MkOzqlYw2AvN6:JaIrEvdirLmxFhThuyrJyqic

Score
10/10
hancitor0304_87345downloader

Malware Config

Extracted

Family

hancitor

Botnet

0304_87345

C2

http://waorveled.com/4/forum.php

http://hegutceper.ru/4/forum.php

http://dintroprula.ru/4/forum.php

Targets

    • Target

      5e42ff5404aa8632852afeab9a95187be2bc8a44c37766efa2643b8f3a0bf929

    • Size

      96KB

    • MD5

      ce7568e54dad53a245b51ed5cb375c7f

    • SHA1

      74a1d9948fa28b4d24a332a0eb4d2a4709fdd6aa

    • SHA256

      5e42ff5404aa8632852afeab9a95187be2bc8a44c37766efa2643b8f3a0bf929

    • SHA512

      876792c021c2c886f3a7fd02f0616e3c65736ecac3eb47da4cf18ca42404f0f0f34632c9e6184ebf65c4b78906fbf3772bdddf2f6e7486517e7e817a944302db

    • SSDEEP

      1536:JaIrL2TjvdiNB4KnrtJFNKl1fFhSwGOuyrJ9MkOzqlYw2AvN6:JaIrEvdirLmxFhThuyrJyqic

    Score
    10/10
    hancitor0304_87345downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks