General

  • Target

    f55837c70c1d870facd7cf263c0c4258_JaffaCakes118

  • Size

    138KB

  • Sample

    240925-gp6qcssapc

  • MD5

    f55837c70c1d870facd7cf263c0c4258

  • SHA1

    ea9ed68d74a344b2f5acb52bdb2a785ff13fbd2c

  • SHA256

    a694c9081cf430f5902b818c0de821a3116cd315c0a5272bd8297655f6087f46

  • SHA512

    789bc3347986d20ce3744706d40ac656304466b889c9564c25ef4fbdf67aaf80c743bdd2e7540f3b35f44ebe447995797bfa5603f4ebe768ac20084a69227222

  • SSDEEP

    1536:Sd8MIMZT8M4FWSclUFRzFO9phaLRgOzl3OZdmzZZ/NFS46Glvs5W1swQ0:SybMF8h0qFbg8WOzZkqZZFFS4d31sR

Malware Config

Extracted

Family

hancitor

Botnet

1812_78213

C2

http://unceliet.com/4/forum.php

http://fitiondice.ru/4/forum.php

http://wordlegromin.ru/4/forum.php

Targets

    • Target

      f55837c70c1d870facd7cf263c0c4258_JaffaCakes118

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
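The following is an added example, not part of the sandbox report: a small Python IOC matcher that checks HTTP proxy log lines and file hashes against the Hancitor indicators listed on this page (the three C2 URLs, the botnet ID 1812_78213 and the MD5/SHA1/SHA256 of the sample). The log format, the sample log lines, the list of IP lookup hosts and the shape of the check-in POST body (a form-encoded BUILD field carrying the botnet ID, taken from public Hancitor reporting rather than from this page) are all assumptions of the example; the match on the shared /4/forum.php path for domains not in the config is an assumed generalisation.

```python
"""Added example (not from the sandbox report): match proxy/HTTP logs and
file hashes against the Hancitor indicators listed on this page."""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# Indicators copied from the report above.
C2_URLS = {
    "http://unceliet.com/4/forum.php",
    "http://fitiondice.ru/4/forum.php",
    "http://wordlegromin.ru/4/forum.php",
}
BOTNET_ID = "1812_78213"
IOC_HASHES = {
    "md5": "f55837c70c1d870facd7cf263c0c4258",
    "sha1": "ea9ed68d74a344b2f5acb52bdb2a785ff13fbd2c",
    "sha256": "a694c9081cf430f5902b818c0de821a3116cd315c0a5272bd8297655f6087f46",
}
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
C2_PATH = "/4/forum.php"  # check-in path shared by all three C2 URLs

# Assumption: the report does not name the IP lookup service; these are
# common ones and should be tuned to what your environment actually sees.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

# Constructed log format: "<timestamp> <client-ip> <method> <url> [<post-body>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+)(?: (?P<body>.*))?$"
)


def classify(line: str):
    """Return {"host", "verdicts"} for one log line, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = m.group("url")
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    verdicts = []
    if url in C2_URLS:
        verdicts.append("c2-exact")
    elif host in C2_HOSTS:
        verdicts.append("c2-host")
    elif parts.path == C2_PATH:
        # Assumed generalisation: same check-in path on a domain not in the config.
        verdicts.append("c2-path-pattern")
    if host in IP_LOOKUP_HOSTS:
        verdicts.append("ip-lookup")
    body = m.group("body")
    if body and m.group("method") == "POST":
        # Assumption: the check-in body is form-encoded with a BUILD field that
        # carries the botnet id (from public Hancitor reporting, not this page).
        build = parse_qs(body).get("BUILD", [None])[0]
        if build == BOTNET_ID:
            verdicts.append("botnet-id")
    return {"host": host, "verdicts": verdicts}


def scan(lines):
    """Return one hit per line that triggered at least one verdict."""
    hits = []
    for i, line in enumerate(lines):
        result = classify(line)
        if result and result["verdicts"]:
            hits.append({"line": i, **result})
    return hits


def file_hashes(data: bytes) -> dict:
    """Hash `data` with every algorithm the report lists a value for."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matches_ioc(data: bytes) -> set:
    """Names of the hash algorithms under which `data` matches the sample."""
    hashes = file_hashes(data)
    return {name for name, value in IOC_HASHES.items() if hashes[name] == value}


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2024-09-25T06:41:10Z 10.0.0.12 GET http://api.ipify.org/",
    "2024-09-25T06:41:11Z 10.0.0.12 POST http://unceliet.com/4/forum.php "
    "GUID=123&BUILD=1812_78213&INFO=WIN-PC&IP=203.0.113.5&TYPE=1",
    "2024-09-25T06:41:12Z 10.0.0.12 POST http://fitiondice.ru/4/forum.php GUID=123&BUILD=1812_78213",
    "2024-09-25T06:41:30Z 10.0.0.33 GET http://example.com/index.html",
    "2024-09-25T06:42:00Z 10.0.0.40 POST http://other-domain.test/4/forum.php GUID=999&BUILD=0000_00000",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
    print(matches_ioc(b"not the sample"))
```

The hash check is deliberately strict (exact MD5/SHA1/SHA256 only); the SSDEEP value on the page is useful for finding repacked variants but needs the ssdeep library and a similarity threshold, so it is left out here. The c2-path-pattern verdict will fire on any host serving /4/forum.php and should be treated as a hunting lead rather than a confirmed hit.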

MITRE ATT&CK Enterprise v15

Tasks