General

  • Target

    d7c87a735968d424d5c0aa2794d23657

  • Size

    654KB

  • Sample

    240320-d6mf9sgd6w

  • MD5

    d7c87a735968d424d5c0aa2794d23657

  • SHA1

    957a6ef9961e71d0207c5ab2ccc153b41f73e110

  • SHA256

    306d564fba556c9db12269b01bdadb3eba19e43c60f180c6f41a72a1fc9840d3

  • SHA512

    5ef0e40f059cb752421af3123deef73df4544fe1653efdfdfa277ed879d06f6eb6d6ff5234ae159746f2dc9bbc167273851c1a14ace3f38bcd1661828b0e35d5

  • SSDEEP

    12288:QbcUPtAsi4iSgTYTY+BnbOmRtwFysBYaABtUO1OSnVVVVTDrh:/AtnLuTYZymSYaABt1QS

Malware Config

Extracted

Family

hancitor

Botnet

0308_spnv5

C2

http://priekornat.com/8/forum.php

http://stionsomi.ru/8/forum.php

http://arviskeist.ru/8/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks