hancitor | 4fc205955c7c12fce971e664cbad64b674b6d2e815ba0eca6d26b450b391212e | Triage

Sharing

General

Target

0d602b614e2695523b2eca07c922e864_JaffaCakes118
Size

96KB
Sample

240625-kckh5ssbkn
MD5

0d602b614e2695523b2eca07c922e864
SHA1

8d64db0f97084f1f09a600a383e90b7634155071
SHA256

4fc205955c7c12fce971e664cbad64b674b6d2e815ba0eca6d26b450b391212e
SHA512

792e083fcae341f663bc487b2a13ba48fa8799d6616ed2f7db8806d18a288c421dadc60d1afefa7f50c9a2c5128bf3d40ec84f24d5921a3abc52f076d40cfc86
SSDEEP

1536:bTP6R3msfnvhMK5t3/OeESiF2pUJLPOp1bg+4JNmrnp:nM3muxjWvSiF+UJUFyJWnp

Score

10^/10

hancitor 1504_285263 downloader

Malware Config

Extracted

Family

hancitor

Botnet

1504_285263

C2

http://tinkedrepaning.com/4/forum.php

http://thetenwiwo.ru/4/forum.php

http://suhadmoat.ru/4/forum.php

Targets

- Target
  
  0d602b614e2695523b2eca07c922e864_JaffaCakes118
- Size
  
  96KB
- MD5
  
  0d602b614e2695523b2eca07c922e864
- SHA1
  
  8d64db0f97084f1f09a600a383e90b7634155071
- SHA256
  
  4fc205955c7c12fce971e664cbad64b674b6d2e815ba0eca6d26b450b391212e
- SHA512
  
  792e083fcae341f663bc487b2a13ba48fa8799d6616ed2f7db8806d18a288c421dadc60d1afefa7f50c9a2c5128bf3d40ec84f24d5921a3abc52f076d40cfc86
- SSDEEP
  
  1536:bTP6R3msfnvhMK5t3/OeESiF2pUJLPOp1bg+4JNmrnp:nM3muxjWvSiF+UJUFyJWnp
Score

10^/10

hancitor 1504_285263 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor1504_285263downloader

behavioral2

hancitor1504_285263downloader