General
-
Target
df5926ad349dad39884d0a71f8c7318b_JaffaCakes118
-
Size
534KB
-
Sample
240406-jqlgxsdh3y
-
MD5
df5926ad349dad39884d0a71f8c7318b
-
SHA1
de672dfb061f7f0d62940800f60ea963dc3cce3b
-
SHA256
6f67beb15edea5f47a2ca655bca9a534e5944e3704a916a2b3d00ed7790e25f0
-
SHA512
98ecd2118850fa1ce7c50554e434a7f7580926d7972abe5ca7a9a6a32d5b5771b598bbab0c7dd49a96157dff7d5451e41249d095d5664b63a72cef14ebc95b3a
-
SSDEEP
12288:o8CmEKY7gpWMB7goM6scG2u302l0HwbsG7kWunEDXm/zjHcB7:o8CmEj6B7pMDn2u3049HSn+Xm/E
Malware Config
Extracted
hancitor
1910_nsw
http://newnucapi.com/8/forum.php
http://gintlyba.ru/8/forum.php
http://stralonz.ru/8/forum.php
Targets
-
-
Target
df5926ad349dad39884d0a71f8c7318b_JaffaCakes118
-
Size
534KB
-
MD5
df5926ad349dad39884d0a71f8c7318b
-
SHA1
de672dfb061f7f0d62940800f60ea963dc3cce3b
-
SHA256
6f67beb15edea5f47a2ca655bca9a534e5944e3704a916a2b3d00ed7790e25f0
-
SHA512
98ecd2118850fa1ce7c50554e434a7f7580926d7972abe5ca7a9a6a32d5b5771b598bbab0c7dd49a96157dff7d5451e41249d095d5664b63a72cef14ebc95b3a
-
SSDEEP
12288:o8CmEKY7gpWMB7goM6scG2u302l0HwbsG7kWunEDXm/zjHcB7:o8CmEj6B7pMDn2u3049HSn+Xm/E
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-