Overview

overview

10

Static

static

5cfa76abb7...58.dll

windows7-x64

10

5cfa76abb7...58.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5cfa76abb7ddf699258ab72dc481101f4ace4c63325ab7f70147498c4e8b8058

  • Size

    201KB

  • Sample

    230129-zyrxnsch92

  • MD5

    d240a34a8d3dd8c479346b5fca4dbd89

  • SHA1

    93b869d50c12e2ecbc1927ef64a13bcdcd5ba816

  • SHA256

    5cfa76abb7ddf699258ab72dc481101f4ace4c63325ab7f70147498c4e8b8058

  • SHA512

    525ce03a1c7e299edec17b0f2aba986471c8f5f0f7884b6d8c97c37594d0813b5391f85edde7c3a91c4ad729657387dbee57e345d02f5df40e83064ecfb00828

  • SSDEEP

    3072:XWjbxamdPuF2AuvJl1NqSQUGtKI0qAmTmWjPSUduW3XrciT+PeaVYCs:XWjl2FJuvJXQzcIdy4us7ciT+PVYD

Score
10/10
hancitor2202_pro23downloader

Malware Config

Extracted

Family

hancitor

Botnet

2202_pro23

C2

http://aftereand.com/8/forum.php

http://nevemicies.ru/8/forum.php

http://froplivernat.ru/8/forum.php

Targets

    • Target

      5cfa76abb7ddf699258ab72dc481101f4ace4c63325ab7f70147498c4e8b8058

    • Size

      201KB

    • MD5

      d240a34a8d3dd8c479346b5fca4dbd89

    • SHA1

      93b869d50c12e2ecbc1927ef64a13bcdcd5ba816

    • SHA256

      5cfa76abb7ddf699258ab72dc481101f4ace4c63325ab7f70147498c4e8b8058

    • SHA512

      525ce03a1c7e299edec17b0f2aba986471c8f5f0f7884b6d8c97c37594d0813b5391f85edde7c3a91c4ad729657387dbee57e345d02f5df40e83064ecfb00828

    • SSDEEP

      3072:XWjbxamdPuF2AuvJl1NqSQUGtKI0qAmTmWjPSUduW3XrciT+PeaVYCs:XWjl2FJuvJXQzcIdy4us7ciT+PVYD

    Score
    10/10
    hancitor2202_pro23downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks