General
-
Target
7b5b74ed8ca5f213d111ec2fced1f446
-
Size
623KB
-
Sample
240127-1lex1sefgn
-
MD5
7b5b74ed8ca5f213d111ec2fced1f446
-
SHA1
ba9a35d82106d6c0ce5c50b4861e20c20cacac42
-
SHA256
797fb35ec5ef998f910b1b488a3a394f0d2921e26f1625cd46bfc294800484a4
-
SHA512
4e09f3001c4b8f43f45140e359c61242bd1106bfce527f60813c8a9101213ce0048f3be68d34a3a7289ecd68b900f72c760647b6c702f62c15a580779ea29836
-
SSDEEP
12288:7V9iQsDr8NJEUYfwg8I3HMzNK3Rb+jC4xU4Wht:7VXkr8NWUYhR3HMBK3RMet
Malware Config
Extracted
hancitor
1908_jkdsf
http://thookedaurce.com/8/forum.php
http://foolockpary.ru/8/forum.php
http://usitemithe.ru/8/forum.php
Targets
-
-
Target
7b5b74ed8ca5f213d111ec2fced1f446
-
Size
623KB
-
MD5
7b5b74ed8ca5f213d111ec2fced1f446
-
SHA1
ba9a35d82106d6c0ce5c50b4861e20c20cacac42
-
SHA256
797fb35ec5ef998f910b1b488a3a394f0d2921e26f1625cd46bfc294800484a4
-
SHA512
4e09f3001c4b8f43f45140e359c61242bd1106bfce527f60813c8a9101213ce0048f3be68d34a3a7289ecd68b900f72c760647b6c702f62c15a580779ea29836
-
SSDEEP
12288:7V9iQsDr8NJEUYfwg8I3HMzNK3Rb+jC4xU4Wht:7VXkr8NWUYhR3HMBK3RMet
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-