hancitor | e88b8049397c21d470396692ef208d696364e36e556690297779cf68e311a9e6 | Triage

Submit
Reports

Overview

overview

Static

static

8

e88b804939...e6.doc

windows7-x64

4

e88b804939...e6.doc

windows10-2004-x64

Sharing

General

Target

e88b8049397c21d470396692ef208d696364e36e556690297779cf68e311a9e6
Size

893KB
Sample

240728-14vfessblc
MD5

32248c17f968e76bbe8b90ea3be8f6f9
SHA1

0d5318656d07f6a071b2ca3db6a96da387873941
SHA256

e88b8049397c21d470396692ef208d696364e36e556690297779cf68e311a9e6
SHA512

92213947b957c90aecf00df21b795018a174aa1aab38d42c4e8b93124429adc7ce1d599698834805103fd7c6f2a6bae0700305c3a692a43e1a9c74950137947b
SSDEEP

24576:jEIZ4wAK74NAx5KxZTBG75gdLtYkzyHtSD:j+wZ74Nx3c75OyWyHt

Score

10^/10

hancitor discovery downloader macro macro_on_action

Static task

static1

macro macro_on_action

2 signatures

Behavioral task

behavioral1

Sample

e88b8049397c21d470396692ef208d696364e36e556690297779cf68e311a9e6.doc

Resource

win7-20240705-en

windows7-x64

6 signatures

60 seconds

Behavioral task

behavioral2

Sample

e88b8049397c21d470396692ef208d696364e36e556690297779cf68e311a9e6.doc

Resource

win10v2004-20240709-en

hancitor discovery downloader

windows10-2004-x64

13 signatures

60 seconds

Malware Config

Targets

- Target
  
  e88b8049397c21d470396692ef208d696364e36e556690297779cf68e311a9e6
- Size
  
  893KB
- MD5
  
  32248c17f968e76bbe8b90ea3be8f6f9
- SHA1
  
  0d5318656d07f6a071b2ca3db6a96da387873941
- SHA256
  
  e88b8049397c21d470396692ef208d696364e36e556690297779cf68e311a9e6
- SHA512
  
  92213947b957c90aecf00df21b795018a174aa1aab38d42c4e8b93124429adc7ce1d599698834805103fd7c6f2a6bae0700305c3a692a43e1a9c74950137947b
- SSDEEP
  
  24576:jEIZ4wAK74NAx5KxZTBG75gdLtYkzyHtSD:j+wZ74Nx3c75OyWyHt
Score

10^/10

discovery hancitor downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

hancitordiscoverydownloader

© 2018-2024

Terms | Privacy