General

  • Target

    f0a292819d13490468b78d60b1a719f0_JaffaCakes118

  • Size

    348KB

  • Sample

    240415-j3qmeace71

  • MD5

    f0a292819d13490468b78d60b1a719f0

  • SHA1

    8faa644b5ee5f9a009268bc7c8dcb9f66e5ced18

  • SHA256

    abd33ae587a1e765da811dccbabaa9548613b4c4d89eb344f5d1ca0173b9590a

  • SHA512

    8c143d9342f4c11abe59dd9c101ba3c6772fc7af21b1f6c6a520270113ee823fe4c0b2480d743cb5f32050856531b01e0e006b1dc5d50d91b82e52322bf48d1a

  • SSDEEP

    6144:kurKzLBOhPhBrcARdn1mBWmSlBGHUXyOUrU7TAOe6hXPSSzuCW0:kurULgh5BvdsycHAhH06h5XW0

Malware Config

Extracted

Family

hancitor

Botnet

0109_iqwnm

C2

http://asinvotheir.com/8/forum.php

http://ditrismale.ru/8/forum.php

http://clatrommon.ru/8/forum.php

Targets

    • Target

      f0a292819d13490468b78d60b1a719f0_JaffaCakes118

    • Size

      348KB

    • MD5

      f0a292819d13490468b78d60b1a719f0

    • SHA1

      8faa644b5ee5f9a009268bc7c8dcb9f66e5ced18

    • SHA256

      abd33ae587a1e765da811dccbabaa9548613b4c4d89eb344f5d1ca0173b9590a

    • SHA512

      8c143d9342f4c11abe59dd9c101ba3c6772fc7af21b1f6c6a520270113ee823fe4c0b2480d743cb5f32050856531b01e0e006b1dc5d50d91b82e52322bf48d1a

    • SSDEEP

      6144:kurKzLBOhPhBrcARdn1mBWmSlBGHUXyOUrU7TAOe6hXPSSzuCW0:kurULgh5BvdsycHAhH06h5XW0

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
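
The extracted config above (three C2 URLs sharing the /8/forum.php path, botnet id 0109_iqwnm) and the "looks up external IP address" signature are the parts of this report a defender acts on. The following is an added example, not part of the sandbox report or of the Hancitor sample itself: it turns those indicators into a small proxy-log hunt that flags traffic to the listed C2 hosts, flags any POST to the /8/forum.php path regardless of host (operators rotate domains, the path is the stabler indicator), and pairs an external-IP lookup with a C2 check-in from the same client inside a short window. The lookup-service hostname (api.ipify.org) is an assumption since the page does not name the service; the log lines are constructed, not taken from the analysis.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators taken from the report above (extracted Hancitor config and the sample's SHA256).
SAMPLE_SHA256 = "abd33ae587a1e765da811dccbabaa9548613b4c4d89eb344f5d1ca0173b9590a"
BOTNET_ID = "0109_iqwnm"
C2_URLS = [
    "http://asinvotheir.com/8/forum.php",
    "http://ditrismale.ru/8/forum.php",
    "http://clatrommon.ru/8/forum.php",
]

# Assumption: the report does not name the "legitimate IP lookup service"; api.ipify.org is a
# hypothetical stand-in for this example. Extend the set with whatever your telemetry shows.
IP_LOOKUP_HOSTS = {"api.ipify.org"}

C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}
C2_PATHS = {urlparse(u).path for u in C2_URLS}

# Minimal parser for a Squid native access-log line:
# "<ts> <elapsed> <client> <code/status> <bytes> <method> <url> <user> <hier> <mime>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def classify(line):
    """Tag one proxy log line: 'c2_host', 'c2_path', 'ip_lookup' (empty list if nothing matches)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlparse(m.group("url"))
    tags = []
    if url.hostname in C2_HOSTS:
        tags.append("c2_host")
    # Domains rotate between campaigns; the /8/forum.php POST is the stabler indicator,
    # so flag it independently of the host (tune this against your own baseline traffic).
    if url.path in C2_PATHS and m.group("method").upper() == "POST":
        tags.append("c2_path")
    if url.hostname in IP_LOOKUP_HOSTS:
        tags.append("ip_lookup")
    return tags


def hunt(lines, window_seconds=120):
    """Group hits by client and flag the check-in sequence: IP lookup followed by a C2 hit."""
    hits = {}
    for line in lines:
        tags = classify(line)
        if not tags:
            continue
        m = LOG_RE.match(line)
        hits.setdefault(m.group("client"), []).append((float(m.group("ts")), tags))
    findings = {}
    for client, events in hits.items():
        events.sort()
        lookup_at = None
        sequence = False
        for ts, tags in events:
            if "ip_lookup" in tags:
                lookup_at = ts
            is_c2 = "c2_host" in tags or "c2_path" in tags
            if is_c2 and lookup_at is not None and ts - lookup_at <= window_seconds:
                sequence = True
        findings[client] = {"events": events, "checkin_sequence": sequence}
    return findings


def matches_sample(path):
    """True if the file at `path` is the sample analysed in this report (SHA256 from the page)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest() == SAMPLE_SHA256


# Constructed sample log (not from the report): one infected host doing an IP lookup and then
# two C2 POSTs (one to a listed domain, one to a rotated domain), and one benign host browsing.
SAMPLE_LOG = """\
1713200000.100 45 10.0.0.12 TCP_MISS/200 27 GET http://api.ipify.org/ - HIER_DIRECT/1.2.3.4 text/plain
1713200005.320 120 10.0.0.12 TCP_MISS/200 512 POST http://asinvotheir.com/8/forum.php - HIER_DIRECT/5.6.7.8 text/html
1713200007.000 98 10.0.0.12 TCP_MISS/200 512 POST http://example-rotated.test/8/forum.php - HIER_DIRECT/5.6.7.9 text/html
1713200010.000 30 10.0.0.40 TCP_MISS/200 8000 GET http://www.example.com/index.html - HIER_DIRECT/9.9.9.9 text/html
"""

if __name__ == "__main__":
    for client, result in hunt(SAMPLE_LOG.splitlines()).items():
        print(client, result)
```

The host-independent path match will fire on unrelated sites that happen to serve /8/forum.php, so treat the lone c2_path tag as a lead to pivot on (destination reputation, the IP-lookup pairing, the process that made the request) rather than as a verdict on its own; a c2_host hit against one of the three extracted domains is a direct indicator.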

MITRE ATT&CK Matrix

Tasks