hancitor | 5cfa76abb7ddf699258ab72dc481101f4ace4c63325ab7f70147498c4e8b8058 | Triage

Sharing

General

Target

5cfa76abb7ddf699258ab72dc481101f4ace4c63325ab7f70147498c4e8b8058
Size

201KB
Sample

230129-zyrxnsch92
MD5

d240a34a8d3dd8c479346b5fca4dbd89
SHA1

93b869d50c12e2ecbc1927ef64a13bcdcd5ba816
SHA256

5cfa76abb7ddf699258ab72dc481101f4ace4c63325ab7f70147498c4e8b8058
SHA512

525ce03a1c7e299edec17b0f2aba986471c8f5f0f7884b6d8c97c37594d0813b5391f85edde7c3a91c4ad729657387dbee57e345d02f5df40e83064ecfb00828
SSDEEP

3072:XWjbxamdPuF2AuvJl1NqSQUGtKI0qAmTmWjPSUduW3XrciT+PeaVYCs:XWjl2FJuvJXQzcIdy4us7ciT+PVYD

Score

10^/10

hancitor 2202_pro23 downloader

Malware Config

Extracted

Family

hancitor

Botnet

2202_pro23

C2

http://aftereand.com/8/forum.php

http://nevemicies.ru/8/forum.php

http://froplivernat.ru/8/forum.php

Targets

- Target
  
  5cfa76abb7ddf699258ab72dc481101f4ace4c63325ab7f70147498c4e8b8058
- Size
  
  201KB
- MD5
  
  d240a34a8d3dd8c479346b5fca4dbd89
- SHA1
  
  93b869d50c12e2ecbc1927ef64a13bcdcd5ba816
- SHA256
  
  5cfa76abb7ddf699258ab72dc481101f4ace4c63325ab7f70147498c4e8b8058
- SHA512
  
  525ce03a1c7e299edec17b0f2aba986471c8f5f0f7884b6d8c97c37594d0813b5391f85edde7c3a91c4ad729657387dbee57e345d02f5df40e83064ecfb00828
- SSDEEP
  
  3072:XWjbxamdPuF2AuvJl1NqSQUGtKI0qAmTmWjPSUduW3XrciT+PeaVYCs:XWjl2FJuvJXQzcIdy4us7ciT+PVYD
Score

10^/10

hancitor 2202_pro23 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor2202_pro23downloader

behavioral2

hancitor2202_pro23downloader