General

  • Target

    7d947a3d37f370b12fec5f1df82dfd1e

  • Size

    800KB

  • Sample

    240128-v3kxpsgbdq

  • MD5

    7d947a3d37f370b12fec5f1df82dfd1e

  • SHA1

    e5999fccef4769c0c7ae66b9ec6eaaf7c3326c46

  • SHA256

    bb3cfed0b433c158af3238573507836cd6c42a40240852a0ae22bcfd48038b8c

  • SHA512

    9bf47cbfa989cbd55e48675b83799559cc7ffa40023520dfe072d4889872abe341d099e9915d96b7c5ef0aea05e554ec58dd0f91e3b0324f53d922dbd09b675f

  • SSDEEP

    12288:holXVy6UibVx/dxXgDynQj3EKML/7k3mfdwgbwmoCcwciVVVV2D+03h:mllwIxXgD4U3EKML+4wm9cwuN

Malware Config

Extracted

Family

hancitor

Botnet

1808_plfr

C2

http://madmilons.com/8/forum.php

http://counteent.ru/8/forum.php

http://simatereare.ru/8/forum.php

Targets

    • Target

      7d947a3d37f370b12fec5f1df82dfd1e

    • Size

      800KB

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks