General

  • Target

    deb1e328feb39c49c0a39cd37d4f7792_JaffaCakes118

  • Size

    164KB

  • Sample

    240913-xhsg6asdql

  • MD5

    deb1e328feb39c49c0a39cd37d4f7792

  • SHA1

    8e05cfa7ad3e238fd5350129793af88db3bcb775

  • SHA256

    790143973633f4d4495230b2d855f5a146123a690e65efc7f3a791295346bc59

  • SHA512

    684ec6fe1629bcdb49b46d42d284f3b03973b9eba6a87d7a5b3ed4a90ed837e7c6ad42ee08095e8f07c66f32c9f09fe46b18b243a91f0f8eac808a680bc0d756

  • SSDEEP

    3072:2SjhqkvgAe7swGXFmXvU7Y98MSGRw1md5ohPQ1DHzQkQqQFwBXHNG+:FHgjaE9fSGR968U

Malware Config

Extracted

Family

hancitor

Botnet

0902_ntcwe4

C2

http://sibetaver.com/8/forum.php

http://ceirsitsin.ru/8/forum.php

http://formawas.ru/8/forum.php

Targets

    • Target

      deb1e328feb39c49c0a39cd37d4f7792_JaffaCakes118

    • Size

      164KB

    • MD5

      deb1e328feb39c49c0a39cd37d4f7792

    • SHA1

      8e05cfa7ad3e238fd5350129793af88db3bcb775

    • SHA256

      790143973633f4d4495230b2d855f5a146123a690e65efc7f3a791295346bc59

    • SHA512

      684ec6fe1629bcdb49b46d42d284f3b03973b9eba6a87d7a5b3ed4a90ed837e7c6ad42ee08095e8f07c66f32c9f09fe46b18b243a91f0f8eac808a680bc0d756

    • SSDEEP

      3072:2SjhqkvgAe7swGXFmXvU7Y98MSGRw1md5ohPQ1DHzQkQqQFwBXHNG+:FHgjaE9fSGR968U

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks