hancitor | 2a8b737a4752060a308c4312b7c0cf6c05cde5b370906286dea9cdd36f5aa613 | Triage

Submit
Reports

Overview

overview

Static

static

3

0524_41093...ax.dll

windows7-x64

0524_41093...ax.dll

windows10-2004-x64

Sharing

General

Target

0524_4109399728218.doc_jax.k
Size

704KB
Sample

240626-eldjastena
MD5

9dc6f214fc82d637de2f68f3c519d339
SHA1

aaa425f7377d405bea59b8adfb65afc0c8869886
SHA256

2a8b737a4752060a308c4312b7c0cf6c05cde5b370906286dea9cdd36f5aa613
SHA512

5cb0a6f3ab48e5127d5c9f638c035dd4b3a97f3eb31334d5bc3eeafc164b31540fea65d6e40abfac8566676c43e954f567dbc2af81a629b4059af7e466d75bef
SSDEEP

12288:uC69N9C/hMHx8kzFfagPtKEp6E72y/N0hwOGt+gBd8x+6vLrD1ag:HKHaY8k5faaboEy6r8zz1

Score

10^/10

hancitor 2405_pin43 downloader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0524_4109399728218.doc_jax.dll

Resource

win7-20240220-en

hancitor 2405_pin43 downloader

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

0524_4109399728218.doc_jax.dll

Resource

win10v2004-20240611-en

hancitor 2405_pin43 downloader

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

hancitor

Botnet

2405_pin43

C2

http://thowerteigime.com/8/forum.php

http://euvereginumet.ru/8/forum.php

http://rhopulforopme.ru/8/forum.php

Targets

- Target
  
  0524_4109399728218.doc_jax.k
- Size
  
  704KB
- MD5
  
  9dc6f214fc82d637de2f68f3c519d339
- SHA1
  
  aaa425f7377d405bea59b8adfb65afc0c8869886
- SHA256
  
  2a8b737a4752060a308c4312b7c0cf6c05cde5b370906286dea9cdd36f5aa613
- SHA512
  
  5cb0a6f3ab48e5127d5c9f638c035dd4b3a97f3eb31334d5bc3eeafc164b31540fea65d6e40abfac8566676c43e954f567dbc2af81a629b4059af7e466d75bef
- SSDEEP
  
  12288:uC69N9C/hMHx8kzFfagPtKEp6E72y/N0hwOGt+gBd8x+6vLrD1ag:HKHaY8k5faaboEy6r8zz1
Score

10^/10

hancitor 2405_pin43 downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hancitor2405_pin43downloader

behavioral2

hancitor2405_pin43downloader

© 2018-2025

Terms | Privacy