General
-
Target
c47745c73485b8492a301c2754ff895b_JaffaCakes118
-
Size
534KB
-
Sample
240404-3ayl4aea38
-
MD5
c47745c73485b8492a301c2754ff895b
-
SHA1
9a90d06c544c9848d7f384921812877a4fdad5f3
-
SHA256
35dd54998c21502765a5807c3d0da5f67f09e93d90be66881cbe5d5360ae17b0
-
SHA512
11067e4b5ce4d4e5d926958fc57df99cdb278313891b0270b74d14a5a4c8a43c44197dd15ff9ba72cb8e743feaee61d70ee9e5de952c5945cdc9ed1b2d0f2425
-
SSDEEP
12288:k8CmEKY7gpWMBYKoM6scG2u302l0HwbsG7kWunEDXm/zjH0Bq:k8CmEj6BYHMDn2u3049HSn+Xm/9
Malware Config
Extracted
hancitor
1910_nsw
http://newnucapi.com/8/forum.php
http://gintlyba.ru/8/forum.php
http://stralonz.ru/8/forum.php
Targets
-
-
Target
c47745c73485b8492a301c2754ff895b_JaffaCakes118
-
Size
534KB
-
MD5
c47745c73485b8492a301c2754ff895b
-
SHA1
9a90d06c544c9848d7f384921812877a4fdad5f3
-
SHA256
35dd54998c21502765a5807c3d0da5f67f09e93d90be66881cbe5d5360ae17b0
-
SHA512
11067e4b5ce4d4e5d926958fc57df99cdb278313891b0270b74d14a5a4c8a43c44197dd15ff9ba72cb8e743feaee61d70ee9e5de952c5945cdc9ed1b2d0f2425
-
SSDEEP
12288:k8CmEKY7gpWMBYKoM6scG2u302l0HwbsG7kWunEDXm/zjH0Bq:k8CmEj6BYHMDn2u3049HSn+Xm/9
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-