General

  • Target

    2172fdc8532872295d309682c5f323d9

  • Size

    400KB

  • Sample

    231231-amcaeadcel

  • MD5

    2172fdc8532872295d309682c5f323d9

  • SHA1

    a539b7fcb7706ade3f5a3e9b01c27ae2399fbe61

  • SHA256

    efbdd00df327459c9db2ffc79b2408f7f3c60e8ba5f8c5ffd0debaff986863a8

  • SHA512

    7aa5c086f027fe6a2507389b9b3f0390649e8ab4f3080c89827dfcbfbf3ede5d9df5f9b385a3596f1b7bb0a9d80b330edee7a9b88c868090f7d9ce151e862191

  • SSDEEP

    12288:LV3KhhWj6TCPmLpGGFk7ZioaZUp6I/nS049:rj6smL+dAZE6Ig

Malware Config

Extracted

Family

hancitor

Botnet

2508_bqplf

C2

http://intakinger.com/8/forum.php

http://idgentexpliet.ru/8/forum.php

http://declassivan.ru/8/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks