hancitor | 3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630 | Triage

Submit
Reports

Overview

overview

Static

static

3

3246d6ec68...30.dll

windows7-x64

3246d6ec68...30.dll

windows10-2004-x64

Sharing

General

Target

3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630.bin
Size

486KB
Sample

230427-l1r4kagh5t
MD5

3f756c0689209815a6519a83acfea461
SHA1

641c3834b4fd3209ebc2cce0cb5e9f35f382ad69
SHA256

3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630
SHA512

15d3f97bf4d98b6fa2bb14a32557c9469e76f3d0ee863a6f26919eb49b93aea6581dc58eec91fb91e3666af4de87a6b2588daa53539045e656ad1c291b3b29c6
SSDEEP

12288:Kf5NGH5+nA+R7L05les5ZlUEKoQNne3De0:2wZ+V7w5lesFUst

Score

10^/10

hancitor 2806_ldfa1 downloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630.dll

Resource

win7-20230220-en

hancitor 2806_ldfa1 downloader

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630.dll

Resource

win10v2004-20230221-en

hancitor 2806_ldfa1 downloader

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

hancitor

Botnet

2806_ldfa1

C2

http://raeonoran.com/8/forum.php

http://duclowtionly.ru/8/forum.php

http://unteladenad.ru/8/forum.php

Targets

- Target
  
  3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630.bin
- Size
  
  486KB
- MD5
  
  3f756c0689209815a6519a83acfea461
- SHA1
  
  641c3834b4fd3209ebc2cce0cb5e9f35f382ad69
- SHA256
  
  3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630
- SHA512
  
  15d3f97bf4d98b6fa2bb14a32557c9469e76f3d0ee863a6f26919eb49b93aea6581dc58eec91fb91e3666af4de87a6b2588daa53539045e656ad1c291b3b29c6
- SSDEEP
  
  12288:Kf5NGH5+nA+R7L05les5ZlUEKoQNne3De0:2wZ+V7w5lesFUst
Score

10^/10

hancitor 2806_ldfa1 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor2806_ldfa1downloader

behavioral2

hancitor2806_ldfa1downloader

© 2018-2024

Terms | Privacy