Analysis
max time kernel: 144s
max time network: 165s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29-01-2023 17:42
Static task: static1
Behavioral task behavioral1
  Sample: 5e42ff5404aa8632852afeab9a95187be2bc8a44c37766efa2643b8f3a0bf929.exe
  Resource: win7-20220812-en
Behavioral task behavioral2
  Sample: 5e42ff5404aa8632852afeab9a95187be2bc8a44c37766efa2643b8f3a0bf929.exe
  Resource: win10v2004-20220812-en
General
Target: 5e42ff5404aa8632852afeab9a95187be2bc8a44c37766efa2643b8f3a0bf929.exe
Size: 96KB
MD5: ce7568e54dad53a245b51ed5cb375c7f
SHA1: 74a1d9948fa28b4d24a332a0eb4d2a4709fdd6aa
SHA256: 5e42ff5404aa8632852afeab9a95187be2bc8a44c37766efa2643b8f3a0bf929
SHA512: 876792c021c2c886f3a7fd02f0616e3c65736ecac3eb47da4cf18ca42404f0f0f34632c9e6184ebf65c4b78906fbf3772bdddf2f6e7486517e7e817a944302db
SSDEEP: 1536:JaIrL2TjvdiNB4KnrtJFNKl1fFhSwGOuyrJ9MkOzqlYw2AvN6:JaIrEvdirLmxFhThuyrJyqic
Malware Config
Extracted config: hancitor 0304_87345
C2:
  http://waorveled.com/4/forum.php
  http://hegutceper.ru/4/forum.php
  http://dintroprula.ru/4/forum.php
Signatures
Hancitor
Hancitor is a downloader used to deliver other malware families.
Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
  flow  ioc
  3     api.ipify.org
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid  process
  808  5e42ff5404aa8632852afeab9a95187be2bc8a44c37766efa2643b8f3a0bf929.exe
  808  5e42ff5404aa8632852afeab9a95187be2bc8a44c37766efa2643b8f3a0bf929.exe