General
-
Target
877860610fc42b1b257a6190a8c83b11
-
Size
612KB
-
Sample
240201-v2wmtabab3
-
MD5
877860610fc42b1b257a6190a8c83b11
-
SHA1
ce480630cfd1bf1249ba3921ccec1039ddfa69cc
-
SHA256
f9fdb0d3bdfc7e5305bc9444c832a8900a77006ff54a2660c973fec4afa4ab60
-
SHA512
ff1ce342d826ad1f35446265b8dd491c388207b2eaa739b8d8ec7089a9571f0af1ff816b954681ca78bb490cf93e68a7075074645f9c52ada1bce46e2e59c255
-
SSDEEP
12288:sV9iQsDr8NVeCz3DFw7m/kdxoF3aHUp6BvNoywaMFsZjjotAd5Rs+:sVXkr8N4Cz6voFqDisSID
Behavioral task
behavioral1
Sample
877860610fc42b1b257a6190a8c83b11.doc
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
877860610fc42b1b257a6190a8c83b11.doc
Resource
win10v2004-20231215-en
Malware Config
Extracted
hancitor
1808_plfr
http://madmilons.com/8/forum.php
http://counteent.ru/8/forum.php
http://simatereare.ru/8/forum.php
Targets
-
-
Target
877860610fc42b1b257a6190a8c83b11
-
Size
612KB
-
MD5
877860610fc42b1b257a6190a8c83b11
-
SHA1
ce480630cfd1bf1249ba3921ccec1039ddfa69cc
-
SHA256
f9fdb0d3bdfc7e5305bc9444c832a8900a77006ff54a2660c973fec4afa4ab60
-
SHA512
ff1ce342d826ad1f35446265b8dd491c388207b2eaa739b8d8ec7089a9571f0af1ff816b954681ca78bb490cf93e68a7075074645f9c52ada1bce46e2e59c255
-
SSDEEP
12288:sV9iQsDr8NVeCz3DFw7m/kdxoF3aHUp6BvNoywaMFsZjjotAd5Rs+:sVXkr8N4Cz6voFqDisSID
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-