hancitor | d46b06c4e54b291c1c069192522d253520f16ea2c0665662257f88c632b1bb34 | Triage

Sharing

General

Target

93d7b8618b69d64f00b175fa3b83c8a7_JaffaCakes118
Size

208KB
Sample

240813-tvq83steqf
MD5

93d7b8618b69d64f00b175fa3b83c8a7
SHA1

de4a66a1416c29eb0dc199f7103affe0cd6e2931
SHA256

d46b06c4e54b291c1c069192522d253520f16ea2c0665662257f88c632b1bb34
SHA512

bbc9a2f803caa063676a3a30b37bd5ec62ad2c628f5e4cd9a8d44a4e4dd0aceb2c389ae4b06da6b7a6406a9a9b1cdeca11b921dc34198c37d0bfee3ff3085b75
SSDEEP

6144:+WiT6BtfdcAXdK7Mp4Ik29CesuqVfDcT56BfL:+v6BxdcD7MpBJC/uqVuQp

Score

10^/10

hancitor 1702_pro23 discovery downloader

Malware Config

Extracted

Family

hancitor

Botnet

1702_pro23

C2

http://hatuderefer.com/8/forum.php

http://thavelede.ru/8/forum.php

http://zinsubtal.ru/8/forum.php

Targets

- Target
  
  93d7b8618b69d64f00b175fa3b83c8a7_JaffaCakes118
- Size
  
  208KB
- MD5
  
  93d7b8618b69d64f00b175fa3b83c8a7
- SHA1
  
  de4a66a1416c29eb0dc199f7103affe0cd6e2931
- SHA256
  
  d46b06c4e54b291c1c069192522d253520f16ea2c0665662257f88c632b1bb34
- SHA512
  
  bbc9a2f803caa063676a3a30b37bd5ec62ad2c628f5e4cd9a8d44a4e4dd0aceb2c389ae4b06da6b7a6406a9a9b1cdeca11b921dc34198c37d0bfee3ff3085b75
- SSDEEP
  
  6144:+WiT6BtfdcAXdK7Mp4Ik29CesuqVfDcT56BfL:+v6BxdcD7MpBJC/uqVuQp
Score

10^/10

hancitor 1702_pro23 discovery downloader
- Hancitor
  Hancitor is downloader used to deliver other malware families.
  downloader hancitor
- Blocklisted process makes network request
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hancitor1702_pro23discoverydownloader

behavioral2

hancitor1702_pro23discoverydownloader