General

  • Target

    0524_4109399728218.doc_jax.k

  • Size

    704KB

  • Sample

    240626-eldjastena

  • MD5

    9dc6f214fc82d637de2f68f3c519d339

  • SHA1

    aaa425f7377d405bea59b8adfb65afc0c8869886

  • SHA256

    2a8b737a4752060a308c4312b7c0cf6c05cde5b370906286dea9cdd36f5aa613

  • SHA512

    5cb0a6f3ab48e5127d5c9f638c035dd4b3a97f3eb31334d5bc3eeafc164b31540fea65d6e40abfac8566676c43e954f567dbc2af81a629b4059af7e466d75bef

  • SSDEEP

    12288:uC69N9C/hMHx8kzFfagPtKEp6E72y/N0hwOGt+gBd8x+6vLrD1ag:HKHaY8k5faaboEy6r8zz1

Malware Config

Extracted

Family

hancitor

Botnet

2405_pin43

C2

http://thowerteigime.com/8/forum.php

http://euvereginumet.ru/8/forum.php

http://rhopulforopme.ru/8/forum.php

Targets

    • Target

      0524_4109399728218.doc_jax.k

    • Size

      704KB

    • MD5

      9dc6f214fc82d637de2f68f3c519d339

    • SHA1

      aaa425f7377d405bea59b8adfb65afc0c8869886

    • SHA256

      2a8b737a4752060a308c4312b7c0cf6c05cde5b370906286dea9cdd36f5aa613

    • SHA512

      5cb0a6f3ab48e5127d5c9f638c035dd4b3a97f3eb31334d5bc3eeafc164b31540fea65d6e40abfac8566676c43e954f567dbc2af81a629b4059af7e466d75bef

    • SSDEEP

      12288:uC69N9C/hMHx8kzFfagPtKEp6E72y/N0hwOGt+gBd8x+6vLrD1ag:HKHaY8k5faaboEy6r8zz1

    • Hancitor

      Hancitor is a downloader used to deliver other malware families.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
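The three signatures above (C2 contact from the extracted config, a blocklisted process making a network request, and an external-IP lookup via a public web service) are the behaviours a responder would want to hunt for on other hosts. The following is an added example, not part of the sandbox report, that triages a constructed proxy/EDR log against the report's own indicators. The three C2 URLs are taken verbatim from the extracted config. Everything else is an assumption: the log line format, the set of processes treated as blocklisted for outbound traffic (the sample is a .doc, so Office host processes are the obvious candidates), the list of IP-lookup services, and the generalised `/<digits>/forum.php` POST pattern inferred from the shape of the three listed URLs.

```python
"""Added example (not from the report): hunt a proxy/EDR log for the
Hancitor behaviours listed in the sandbox signatures above."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# C2 URLs copied from the report's extracted config (family hancitor, botnet 2405_pin43).
HANCITOR_C2 = {
    "http://thowerteigime.com/8/forum.php",
    "http://euvereginumet.ru/8/forum.php",
    "http://rhopulforopme.ru/8/forum.php",
}
C2_HOSTS = {urlsplit(u).hostname for u in HANCITOR_C2}

# Assumption: the three config URLs share a /<number>/forum.php path, so an
# unknown host receiving a POST to that path shape is worth flagging too.
C2_PATH_PATTERN = re.compile(r"/\d+/forum\.php")

# Assumption: processes that should not normally originate web traffic.
BLOCKLISTED_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe", "wscript.exe", "mshta.exe"}

# Assumption: legitimate "what is my IP" services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.amazonaws.com", "icanhazip.com", "ifconfig.me"}


@dataclass
class Hit:
    line_no: int
    process: str
    url: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Constructed log format: '<timestamp> <host> <process> <method> <url>'.
    Returns None for lines that do not fit, so malformed input is skipped."""
    parts = line.split(maxsplit=4)
    if len(parts) != 5:
        return None
    ts, host, process, method, url = parts
    return {"ts": ts, "host": host, "process": process.lower(),
            "method": method.upper(), "url": url}


def classify(rec):
    """Return the list of signature names that match one parsed record."""
    reasons = []
    u = urlsplit(rec["url"])
    hostname = (u.hostname or "").lower()
    if rec["url"] in HANCITOR_C2 or hostname in C2_HOSTS:
        reasons.append("hancitor_c2")                 # exact IOC from the config
    elif rec["method"] == "POST" and C2_PATH_PATTERN.fullmatch(u.path):
        reasons.append("hancitor_c2_pattern")         # assumed path-shape heuristic
    if hostname in IP_LOOKUP_HOSTS:
        reasons.append("external_ip_lookup")
    if rec["process"] in BLOCKLISTED_PROCESSES:
        reasons.append("blocklisted_process_network")
    return reasons


def triage(lines):
    """Run every line through the parser and classifier; keep only hits."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            hits.append(Hit(line_no, rec["process"], rec["url"], reasons))
    return hits


# Constructed sample log: a Word process fetching its external IP, then
# checking in to two of the listed C2s; benign browser/mail traffic; a
# non-Office process hitting the third C2; one malformed line.
SAMPLE_LOG = """\
2024-06-26T14:02:11Z WS-17 winword.exe GET http://api.ipify.org/
2024-06-26T14:02:13Z WS-17 winword.exe POST http://thowerteigime.com/8/forum.php
2024-06-26T14:02:14Z WS-17 winword.exe POST http://euvereginumet.ru/8/forum.php
2024-06-26T14:02:40Z WS-17 chrome.exe GET https://www.example.com/
2024-06-26T14:03:01Z WS-17 outlook.exe POST https://outlook.office365.com/
2024-06-26T14:03:22Z WS-17 rundll32.exe POST http://rhopulforopme.ru/8/forum.php
malformed line
""".splitlines()

if __name__ == "__main__":
    for h in triage(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.process} -> {h.url}  [{', '.join(h.reasons)}]")
```

Exact-URL and host matches are reported separately from the path-shape heuristic so an analyst can treat the former as confirmed IOCs and the latter as leads to verify; the IP-lookup and blocklisted-process checks are deliberately kept independent of the C2 match, since either one alone on a Word process is enough to pull the host for investigation.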
