General
-
Target
ef8cf02b28315daff8ea591bc351976b_JaffaCakes118
-
Size
534KB
-
Sample
240414-1brttsea68
-
MD5
ef8cf02b28315daff8ea591bc351976b
-
SHA1
0bc5d06813f9c5aba1369e705dafbc1546c54e4f
-
SHA256
3af1f23c945a8790a256c5cd13bd6f1d29ab5cfa6d40ce88e44aebba33696922
-
SHA512
d62d6671a04ad41b38fece9b86d1517cb876be54ffd367f535ee29d0c2d8bc1c91d8abe3d3af05c01be46bfb73b8f53eadf19f7c4354704a574542649618fe2d
-
SSDEEP
12288:s8CmEKY7gpWMBgroM6scG2u302l0HwbsG7kWunEDXm/zjHwB7:s8CmEj6Bg0MDn2u3049HSn+Xm/s
Malware Config
Extracted
hancitor
1910_nsw
http://newnucapi.com/8/forum.php
http://gintlyba.ru/8/forum.php
http://stralonz.ru/8/forum.php
Targets
-
-
Target
ef8cf02b28315daff8ea591bc351976b_JaffaCakes118
-
Size
534KB
-
MD5
ef8cf02b28315daff8ea591bc351976b
-
SHA1
0bc5d06813f9c5aba1369e705dafbc1546c54e4f
-
SHA256
3af1f23c945a8790a256c5cd13bd6f1d29ab5cfa6d40ce88e44aebba33696922
-
SHA512
d62d6671a04ad41b38fece9b86d1517cb876be54ffd367f535ee29d0c2d8bc1c91d8abe3d3af05c01be46bfb73b8f53eadf19f7c4354704a574542649618fe2d
-
SSDEEP
12288:s8CmEKY7gpWMBgroM6scG2u302l0HwbsG7kWunEDXm/zjHwB7:s8CmEj6Bg0MDn2u3049HSn+Xm/s
Score10/10-
Hancitor
Hancitor is downloader used to deliver other malware families.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-