Overview

overview

10

Static

static

8

7b5b74ed8c...46.doc

windows7-x64

4

7b5b74ed8c...46.doc

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b5b74ed8ca5f213d111ec2fced1f446

  • Size

    623KB

  • Sample

    240127-1lex1sefgn

  • MD5

    7b5b74ed8ca5f213d111ec2fced1f446

  • SHA1

    ba9a35d82106d6c0ce5c50b4861e20c20cacac42

  • SHA256

    797fb35ec5ef998f910b1b488a3a394f0d2921e26f1625cd46bfc294800484a4

  • SHA512

    4e09f3001c4b8f43f45140e359c61242bd1106bfce527f60813c8a9101213ce0048f3be68d34a3a7289ecd68b900f72c760647b6c702f62c15a580779ea29836

  • SSDEEP

    12288:7V9iQsDr8NJEUYfwg8I3HMzNK3Rb+jC4xU4Wht:7VXkr8NWUYhR3HMBK3RMet

Score
10/10
hancitor1908_jkdsfdownloadermacromacro_on_action

Malware Config

Extracted

Family

hancitor

Botnet

1908_jkdsf

C2

http://thookedaurce.com/8/forum.php

http://foolockpary.ru/8/forum.php

http://usitemithe.ru/8/forum.php

Targets

    • Target

      7b5b74ed8ca5f213d111ec2fced1f446

    • Size

      623KB

    • MD5

      7b5b74ed8ca5f213d111ec2fced1f446

    • SHA1

      ba9a35d82106d6c0ce5c50b4861e20c20cacac42

    • SHA256

      797fb35ec5ef998f910b1b488a3a394f0d2921e26f1625cd46bfc294800484a4

    • SHA512

      4e09f3001c4b8f43f45140e359c61242bd1106bfce527f60813c8a9101213ce0048f3be68d34a3a7289ecd68b900f72c760647b6c702f62c15a580779ea29836

    • SSDEEP

      12288:7V9iQsDr8NJEUYfwg8I3HMzNK3Rb+jC4xU4Wht:7VXkr8NWUYhR3HMBK3RMet

    Score
    10/10
    hancitor1908_jkdsfdownloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks