General

  • Target

    dee18056e6b4c47bd6dd796d993de94a

  • Size

    470KB

  • Sample

    240326-lykxgaae4z

  • MD5

    dee18056e6b4c47bd6dd796d993de94a

  • SHA1

    a813777d59ddf9ea58803a70b8b1142df1d62f89

  • SHA256

    221743da70a514a7edcbebd741f7f325d7f10f6cc576be93ba17ea0d4299b5a2

  • SHA512

    d1f2c9404ee775a1dd9d0c1692d6d3e9c89d1a4fa01da8dc5c5d0ad74e8aff5f1a628b22a89b1dc61bb23c8edbc0144ae230e354c88c414bdac13c267ed44582

  • SSDEEP

    12288:ZCgz28Ovep4u0UK/mZRW/6D9Io2y5wYazTg:ZCgz28OWpj0JK86ao2y5RazE

Malware Config

Extracted

Family

hancitor

Botnet

1608_febd

C2

http://patiennerrhe.com/8/forum.php

http://thougolograrly.ru/8/forum.php

http://chopprousite.ru/8/forum.php

Targets

    • Target

      dee18056e6b4c47bd6dd796d993de94a

    • Size

      470KB

    • MD5

      dee18056e6b4c47bd6dd796d993de94a

    • SHA1

      a813777d59ddf9ea58803a70b8b1142df1d62f89

    • SHA256

      221743da70a514a7edcbebd741f7f325d7f10f6cc576be93ba17ea0d4299b5a2

    • SHA512

      d1f2c9404ee775a1dd9d0c1692d6d3e9c89d1a4fa01da8dc5c5d0ad74e8aff5f1a628b22a89b1dc61bb23c8edbc0144ae230e354c88c414bdac13c267ed44582

    • SSDEEP

      12288:ZCgz28Ovep4u0UK/mZRW/6D9Io2y5wYazTg:ZCgz28OWpj0JK86ao2y5RazE

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks