General
-
Target
ad5155b07bad3b1326cecce84afcd1f2_JaffaCakes118
-
Size
534KB
-
Sample
240404-c4dwnsch47
-
MD5
ad5155b07bad3b1326cecce84afcd1f2
-
SHA1
9cdb592b92cd5068697122a0896492c5528935d0
-
SHA256
41e2e1899e11c4e9efbd7042989a3e5a5960faf205fa181a7486d350a277cc6c
-
SHA512
bc2da878109ab02be53b3306b44448d1b910cf415142aed12236ce0df9709c6bbdd461a2273f17898035667ea40a5b24d375a04c19810c57c21a24abbe809ea1
-
SSDEEP
12288:5r8CmEKY7gpWMB1hoM6scG2u302l0HwbsG7kWunEDXm/zjH8BF:5r8CmEj6B1+MDn2u3049HSn+Xm/e
Malware Config
Extracted
hancitor
1910_nsw
http://newnucapi.com/8/forum.php
http://gintlyba.ru/8/forum.php
http://stralonz.ru/8/forum.php
Targets
-
-
Target
ad5155b07bad3b1326cecce84afcd1f2_JaffaCakes118
-
Size
534KB
-
MD5
ad5155b07bad3b1326cecce84afcd1f2
-
SHA1
9cdb592b92cd5068697122a0896492c5528935d0
-
SHA256
41e2e1899e11c4e9efbd7042989a3e5a5960faf205fa181a7486d350a277cc6c
-
SHA512
bc2da878109ab02be53b3306b44448d1b910cf415142aed12236ce0df9709c6bbdd461a2273f17898035667ea40a5b24d375a04c19810c57c21a24abbe809ea1
-
SSDEEP
12288:5r8CmEKY7gpWMB1hoM6scG2u302l0HwbsG7kWunEDXm/zjH8BF:5r8CmEj6B1+MDn2u3049HSn+Xm/e
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-