Overview

overview

10

Static

static

0708_53551...ll.dll

windows7_x64

10

0708_53551...ll.dll

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0708_5355150121.xll

  • Size

    23KB

  • Sample

    210708-6hrwry8lce

  • MD5

    41e0318dfdb1c180a375a7efc712649e

  • SHA1

    f0c230010c7b85544c25879d4daf74479360e1bc

  • SHA256

    73b8c566d8cdf3200daa0b698b9d32a49b1ea8284a1e6aa6408eb9c9daaacb71

  • SHA512

    b20ec32ba9f7269deda4f70e655bb7a105dde896524bfd9c788605f2a0a26bc3bc7ddceed93c4f7b14404a65107647a9b9840c8adec32c12d92138b69805cc17

Score
10/10
hancitor0707in2_wvcrdownloader

Malware Config

Extracted

Family

hancitor

Botnet

0707in2_wvcr

C2

http://sudepallon.com/8/forum.php

http://anspossthrly.ru/8/forum.php

http://thentabecon.ru/8/forum.php

Targets

    • Target

      0708_5355150121.xll

    • Size

      23KB

    • MD5

      41e0318dfdb1c180a375a7efc712649e

    • SHA1

      f0c230010c7b85544c25879d4daf74479360e1bc

    • SHA256

      73b8c566d8cdf3200daa0b698b9d32a49b1ea8284a1e6aa6408eb9c9daaacb71

    • SHA512

      b20ec32ba9f7269deda4f70e655bb7a105dde896524bfd9c788605f2a0a26bc3bc7ddceed93c4f7b14404a65107647a9b9840c8adec32c12d92138b69805cc17

    Score
    10/10
    hancitor0707in2_wvcrdownloader

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

      downloaderhancitor

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks