hancitor | 25b773d34fb3cdaf47d12efe8b83579c6134d612050542d87e529d0ca5191dc3 | Triage

Submit
Reports

Overview

overview

Static

static

3

6a3d79f41a...05.dll

windows7-x64

6a3d79f41a...05.dll

windows10-2004-x64

Sharing

General

Target

6a3d79f41ad61de63427c5baff49e005
Size

800KB
Sample

240120-mz2gaaghf8
MD5

6a3d79f41ad61de63427c5baff49e005
SHA1

02c53f32e73727f140e2fc7de9c9e033e87f109d
SHA256

25b773d34fb3cdaf47d12efe8b83579c6134d612050542d87e529d0ca5191dc3
SHA512

15c0e27f6e80cb34e690959addc47a9a169cc5eabf0251a05cfbeff188f28368582d45bb434c9888f134128b3ec094d3b955b6b47dca73491d9e04a8998c2710
SSDEEP

12288:LV3KhhWj6TCPmLpGGFk7ZioaZUp6I/nS049BV3KhhWj6TCPmLpGGFk7ZioaZUp6n:rj6smL+dAZE6Ignj6smL+dAZE6Ig

Score

10^/10

hancitor 2508_bqplf downloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6a3d79f41ad61de63427c5baff49e005.dll

Resource

win7-20231215-en

hancitor 2508_bqplf downloader

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

6a3d79f41ad61de63427c5baff49e005.dll

Resource

win10v2004-20231222-en

hancitor 2508_bqplf downloader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

hancitor

Botnet

2508_bqplf

C2

http://intakinger.com/8/forum.php

http://idgentexpliet.ru/8/forum.php

http://declassivan.ru/8/forum.php

Targets

- Target
  
  6a3d79f41ad61de63427c5baff49e005
- Size
  
  800KB
- MD5
  
  6a3d79f41ad61de63427c5baff49e005
- SHA1
  
  02c53f32e73727f140e2fc7de9c9e033e87f109d
- SHA256
  
  25b773d34fb3cdaf47d12efe8b83579c6134d612050542d87e529d0ca5191dc3
- SHA512
  
  15c0e27f6e80cb34e690959addc47a9a169cc5eabf0251a05cfbeff188f28368582d45bb434c9888f134128b3ec094d3b955b6b47dca73491d9e04a8998c2710
- SSDEEP
  
  12288:LV3KhhWj6TCPmLpGGFk7ZioaZUp6I/nS049BV3KhhWj6TCPmLpGGFk7ZioaZUp6n:rj6smL+dAZE6Ignj6smL+dAZE6Ig
Score

10^/10

hancitor 2508_bqplf downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor2508_bqplfdownloader

behavioral2

hancitor2508_bqplfdownloader

© 2018-2024

Terms | Privacy