Overview

overview

10

Static

static

3

bcb2cb4b10...18.dll

windows7-x64

10

bcb2cb4b10...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bcb2cb4b1013272f4ffd5b4a572d1ba4_JaffaCakes118

  • Size

    153KB

  • Sample

    240618-s2tr4szcnf

  • MD5

    bcb2cb4b1013272f4ffd5b4a572d1ba4

  • SHA1

    10088466c6a991a67a71392ec93d3cdfc6e5864f

  • SHA256

    c3ca95d1ffbcc03b2759edd3d14705f56e32f0bd88e051686ee1e78ae03ec0b9

  • SHA512

    e114319901c27d7587e68ca44d5cda9f12ce59b719ad080811ac07de765325c692edd341cea6dd9f75ba80de620e0ce9a2fbc61c060f45ee1a8af3f32936a0e8

  • SSDEEP

    1536:pd8MIMZT8M4FWSclXyID9sp9phaLRgOzl3OZdmzZZRNSWmB416bfQw93JPw5Wval:pybMF8h09HDi8WOzZkqZZD6O3wF3v

Score
10/10
hancitor2301_983487downloader

Malware Config

Extracted

Family

hancitor

Botnet

2301_983487

C2

http://tariroalz.com/4/forum.php

http://rindicatle.ru/4/forum.php

http://torssestih.ru/4/forum.php

Targets

    • Target

      bcb2cb4b1013272f4ffd5b4a572d1ba4_JaffaCakes118

    • Size

      153KB

    • MD5

      bcb2cb4b1013272f4ffd5b4a572d1ba4

    • SHA1

      10088466c6a991a67a71392ec93d3cdfc6e5864f

    • SHA256

      c3ca95d1ffbcc03b2759edd3d14705f56e32f0bd88e051686ee1e78ae03ec0b9

    • SHA512

      e114319901c27d7587e68ca44d5cda9f12ce59b719ad080811ac07de765325c692edd341cea6dd9f75ba80de620e0ce9a2fbc61c060f45ee1a8af3f32936a0e8

    • SSDEEP

      1536:pd8MIMZT8M4FWSclXyID9sp9phaLRgOzl3OZdmzZZRNSWmB416bfQw93JPw5Wval:pybMF8h09HDi8WOzZkqZZD6O3wF3v

    Score
    10/10
    hancitor2301_983487downloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks