Overview

overview

10

Static

static

8

download(1).doc

windows7-x64

4

download(1).doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    download(1).doc.zip

  • Size

    923KB

  • Sample

    240115-pellfafebp

  • MD5

    0a4563bca606a8e9c8d98dd6affd607f

  • SHA1

    4c605cb156f7cd5c9b498e31e325300a7a0d7979

  • SHA256

    61087666bed01cbb77395f6ed60b48f5d45211e42c2eaf2bd51514cb736963a7

  • SHA512

    70b22319eb2a8e0a6d68cb228dc9e95ff8c38767ada597fce105a0af4905fa227bbe372592f1aa3969f692dab06fd8c32b02bd86937f0d86b7950dd94e7ecf93

  • SSDEEP

    24576:rINvsd3JkqKq5EvMI+GcjXFu1UeRlkFsrnRhem0KYT2dbI:rIN0d3Jk/qWvMFjU1ZR5bRsmhy2dbI

Score
10/10
hancitor2405_pin43downloadermacromacro_on_action

Malware Config

Extracted

Family

hancitor

Botnet

2405_pin43

C2

http://thowerteigime.com/8/forum.php

http://euvereginumet.ru/8/forum.php

http://rhopulforopme.ru/8/forum.php

Targets

    • Target

      download(1).doc

    • Size

      1.3MB

    • MD5

      14f4c470c207e22c3b0a4efa7b4200e8

    • SHA1

      21180195396580a9ade32b589490cf3bc94d3b5b

    • SHA256

      0b22278ddb598d63f07eb983bcf307e0852cd3005c5bc15d4a4f26455562c8ec

    • SHA512

      4adc4275a9105bf94bdce4b9d5821026d99a4adf16579b1b2b23495efbd55cc7bc90a129248a9902c7c75828eac9ac665c8a34c203b428748d9f7b8a80b76823

    • SSDEEP

      24576:nEIjrPUaphvGvGUZ93/semhXp7AsWIKHaY8k5faaboEy6r8zz1:n/jhvGvGU93097AFIKbv0WY/1

    Score
    10/10
    hancitor2405_pin43downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks