General

  • Target

    2de9af53069fe83968ff97fdeaffde9f_JaffaCakes118

  • Size

    104KB

  • Sample

    240708-1lmb4asgka

  • MD5

    2de9af53069fe83968ff97fdeaffde9f

  • SHA1

    25803f964fecb58aff9d9a901dc2b53ae5879a38

  • SHA256

    70d16fb632ff6b12eb08d873bee35d27a82df9f76ec4a21a1c09df7befa6ca8c

  • SHA512

    ebc3abc242212a0f0354806dbf0dd1ba2286137ecadad218feeb82a713e62679d26c0c93ccd7385396c719bd204770e041a5bb3af11115d4c487ed1ea704bd10

  • SSDEEP

    3072:G7PlpOLapaE3594bjORYE+Z31kjQaaSU:0lUuH5OgYt32jQa

Malware Config

Extracted

Family

hancitor

Botnet

1604_239543

C2

http://gumousethat.com/4/forum.php

http://henletlighny.ru/4/forum.php

http://kethentantit.ru/4/forum.php

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks