General

  • Target

    hacintor

  • Size

    51KB

  • Sample

    230901-msv1xsec2y

  • MD5

    bf50249bc945da25c2f364c216a759e0

  • SHA1

    7df0d15ed36707f2b4979646447c63fd932f4cb1

  • SHA256

    990a4cd6dd9575cbd2122f560ff68420c1c9dbfde3c9d6a5181b0f54a7e497cd

  • SHA512

    6dada5295c135f0446409c4a8acbd9bbae316b38d03ba9c6b5accc348b3e62951f63ec059e2dd40cce3f0d0fbcdd1da63e680671f7664a3b1d43088e911ace49

  • SSDEEP

    384:6AYci7KqOESXvZioqMWFDNs3l89fCncqn5hGb1RDvqv3zUvTJcYn17:6AYF1CvZioE289wNy1RDyD8P17

Score
10/10

Malware Config

Extracted

Family

hancitor

Botnet

1706_apkreb6

C2

http://thestaccultur.com/8/forum.php

http://arguendinfuld.ru/8/forum.php

http://waxotheousch.ru/8/forum.php

Targets

    • Target

      hacintor

    Score
    8/10
    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
