Overview

overview

10

Static

static

3

8bc41922aa...32.dll

windows7-x64

10

8bc41922aa...32.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8bc41922aa2635dbce28dbedf8c7c332

  • Size

    348KB

  • Sample

    240203-jf54ksefaj

  • MD5

    8bc41922aa2635dbce28dbedf8c7c332

  • SHA1

    8f08e4b153a817acde40c1e32d1b5343ece8cc0b

  • SHA256

    98a4c62581108b0c40bb18ff399c661a4f3e9678b680b03e36bc42afd40281e8

  • SHA512

    ec5ec0a6736982d7bf41e50c8764cfb363ac8f54244961fd1ba94db69442aaa9dd0ce67b31a094574506741acd006938f585e70a7e1f175efd2c7944942ff7b7

  • SSDEEP

    6144:h3hEPz1JqXgnzmRPIwDLjKvKfF/AOtJ4pwafZ8FGW:huzzwJDTF/HJ2waWFGW

Score
10/10
hancitor3008_hsdj8downloader

Malware Config

Extracted

Family

hancitor

Botnet

3008_hsdj8

C2

http://buichely.com/8/forum.php

http://gratimen.ru/8/forum.php

http://waliteriter.ru/8/forum.php

Targets

    • Target

      8bc41922aa2635dbce28dbedf8c7c332

    • Size

      348KB

    • MD5

      8bc41922aa2635dbce28dbedf8c7c332

    • SHA1

      8f08e4b153a817acde40c1e32d1b5343ece8cc0b

    • SHA256

      98a4c62581108b0c40bb18ff399c661a4f3e9678b680b03e36bc42afd40281e8

    • SHA512

      ec5ec0a6736982d7bf41e50c8764cfb363ac8f54244961fd1ba94db69442aaa9dd0ce67b31a094574506741acd006938f585e70a7e1f175efd2c7944942ff7b7

    • SSDEEP

      6144:h3hEPz1JqXgnzmRPIwDLjKvKfF/AOtJ4pwafZ8FGW:huzzwJDTF/HJ2waWFGW

    Score
    10/10
    hancitor3008_hsdj8downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks