General

  • Target

    af2da35bd05abcc73ce04f9ee775209e6831a4a3df72c9e8531d35e36d84f84f

  • Size

    892KB

  • Sample

    240728-2mwslayfrm

  • MD5

    fc0ac133bbf94c2080a6ed2f06f32d31

  • SHA1

    403cf365bf5672e1df7d0ced3a2603ce87a54e17

  • SHA256

    af2da35bd05abcc73ce04f9ee775209e6831a4a3df72c9e8531d35e36d84f84f

  • SHA512

    94f7cbaf996f332265315b78f8d68210b530917883936041eff1b07c24dee3ca656c1ece4036554642c13a6f42e1976ebda10a620e5815ce15ac12c56f1b2e53

  • SSDEEP

    24576:cEIZ4wAK74NAx5KxZTBG75gdYtYkzyHl4:c+wZ74Nx3c75OpWyHl

Malware Config

Targets

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks