Overview

overview

10

Static

static

3

3246d6ec68...30.dll

windows7-x64

10

3246d6ec68...30.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630.bin

  • Size

    486KB

  • Sample

    230427-l1r4kagh5t

  • MD5

    3f756c0689209815a6519a83acfea461

  • SHA1

    641c3834b4fd3209ebc2cce0cb5e9f35f382ad69

  • SHA256

    3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630

  • SHA512

    15d3f97bf4d98b6fa2bb14a32557c9469e76f3d0ee863a6f26919eb49b93aea6581dc58eec91fb91e3666af4de87a6b2588daa53539045e656ad1c291b3b29c6

  • SSDEEP

    12288:Kf5NGH5+nA+R7L05les5ZlUEKoQNne3De0:2wZ+V7w5lesFUst

Score
10/10
hancitor2806_ldfa1downloader

Malware Config

Extracted

Family

hancitor

Botnet

2806_ldfa1

C2

http://raeonoran.com/8/forum.php

http://duclowtionly.ru/8/forum.php

http://unteladenad.ru/8/forum.php

Targets

    • Target

      3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630.bin

    • Size

      486KB

    • MD5

      3f756c0689209815a6519a83acfea461

    • SHA1

      641c3834b4fd3209ebc2cce0cb5e9f35f382ad69

    • SHA256

      3246d6ec68556a22b9e5e978ef263472363502122317209fb61cbd884e5db630

    • SHA512

      15d3f97bf4d98b6fa2bb14a32557c9469e76f3d0ee863a6f26919eb49b93aea6581dc58eec91fb91e3666af4de87a6b2588daa53539045e656ad1c291b3b29c6

    • SSDEEP

      12288:Kf5NGH5+nA+R7L05les5ZlUEKoQNne3De0:2wZ+V7w5lesFUst

    Score
    10/10
    hancitor2806_ldfa1downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks