General

  • Target

    4302bf2881c2ede737ae438fb4427f01

  • Size

    431KB

  • Sample

    240105-hd48tsehdm

  • MD5

    4302bf2881c2ede737ae438fb4427f01

  • SHA1

    a24199b5c55e2b8c35186d9d6189f36d15540bae

  • SHA256

    643aac263025e8b90c9458a56508d49624e504c0dbf20bdc06f7630cf89d9035

  • SHA512

    42c9f44fd937773ba546dfb11cbae0b77aad5615b8f2bb3c92c04cc30567c51f7f19549baa3ad88637808753b39ded6d283e884e1091e9bab4de4f5a93114a8d

  • SSDEEP

    12288:ZV9iQsDr8NqClDfKTFi1w06/vbOes1AOrk4U:ZVXkr8NTNfKB30AOesoT

Malware Config

Extracted

  • Family

    hancitor

  • Botnet

    3008_hsdj8

  • C2

    http://buichely.com/8/forum.php
    http://gratimen.ru/8/forum.php
    http://waliteriter.ru/8/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks