General

  • Target

    0d602b614e2695523b2eca07c922e864_JaffaCakes118

  • Size

    96KB

  • Sample

    240625-kckh5ssbkn

  • MD5

    0d602b614e2695523b2eca07c922e864

  • SHA1

    8d64db0f97084f1f09a600a383e90b7634155071

  • SHA256

    4fc205955c7c12fce971e664cbad64b674b6d2e815ba0eca6d26b450b391212e

  • SHA512

    792e083fcae341f663bc487b2a13ba48fa8799d6616ed2f7db8806d18a288c421dadc60d1afefa7f50c9a2c5128bf3d40ec84f24d5921a3abc52f076d40cfc86

  • SSDEEP

    1536:bTP6R3msfnvhMK5t3/OeESiF2pUJLPOp1bg+4JNmrnp:nM3muxjWvSiF+UJUFyJWnp

Malware Config

Extracted

Family

hancitor

Botnet

1504_285263

C2

http://tinkedrepaning.com/4/forum.php

http://thetenwiwo.ru/4/forum.php

http://suhadmoat.ru/4/forum.php

Targets

    • Target

      0d602b614e2695523b2eca07c922e864_JaffaCakes118

    • Size

      96KB

    • MD5

      0d602b614e2695523b2eca07c922e864

    • SHA1

      8d64db0f97084f1f09a600a383e90b7634155071

    • SHA256

      4fc205955c7c12fce971e664cbad64b674b6d2e815ba0eca6d26b450b391212e

    • SHA512

      792e083fcae341f663bc487b2a13ba48fa8799d6616ed2f7db8806d18a288c421dadc60d1afefa7f50c9a2c5128bf3d40ec84f24d5921a3abc52f076d40cfc86

    • SSDEEP

      1536:bTP6R3msfnvhMK5t3/OeESiF2pUJLPOp1bg+4JNmrnp:nM3muxjWvSiF+UJUFyJWnp

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks