General

  • Target

    4198ac1dc34de77ab8ceac3c9a25480e_JaffaCakes118

  • Size

    525KB

  • Sample

    240330-w6dhgabg41

  • MD5

    4198ac1dc34de77ab8ceac3c9a25480e

  • SHA1

    f8fb1264a292aecb6c2bf5c5d4f3e199e3a822ad

  • SHA256

    8ff43b6ddf6243bd5ee073f9987920fa223809f589d151d7e438fd8cc08ce292

  • SHA512

    37dd3c50283daa7be1fb831820d273b7663dddce4d98c87c8d08864fac2dc00daf243ca6e50e028d4f04262160f5dea9a98000cffb67d70c07875d3fc2e4c47c

  • SSDEEP

    12288:4sskVmMfu4CN1NYPkDbkuN90VOR47wn2vTPHXL2n2UT1p0:v0NYPkEuz0VOR47w2rvXyD0

Malware Config

Extracted

Family

hancitor

Botnet

1910_nsw

C2

http://newnucapi.com/8/forum.php

http://gintlyba.ru/8/forum.php

http://stralonz.ru/8/forum.php

Targets

    • Target

      4198ac1dc34de77ab8ceac3c9a25480e_JaffaCakes118

    • Size

      525KB

    • MD5

      4198ac1dc34de77ab8ceac3c9a25480e

    • SHA1

      f8fb1264a292aecb6c2bf5c5d4f3e199e3a822ad

    • SHA256

      8ff43b6ddf6243bd5ee073f9987920fa223809f589d151d7e438fd8cc08ce292

    • SHA512

      37dd3c50283daa7be1fb831820d273b7663dddce4d98c87c8d08864fac2dc00daf243ca6e50e028d4f04262160f5dea9a98000cffb67d70c07875d3fc2e4c47c

    • SSDEEP

      12288:4sskVmMfu4CN1NYPkDbkuN90VOR47wn2vTPHXL2n2UT1p0:v0NYPkEuz0VOR47w2rvXyD0

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks