General

  • Target

    1e65bf939edfa4648370fdf1b9615e6c_JaffaCakes118

  • Size

    108KB

  • Sample

    240702-htc5aavgjm

  • MD5

    1e65bf939edfa4648370fdf1b9615e6c

  • SHA1

    0d00226040f05506ade9fed89c1542a25b93e181

  • SHA256

    4064ac41dbf2e965456b48d605e61387fbe7ba624b6dec7d8755d8040c17f171

  • SHA512

    de26e04c2f881115a246cc6c0ae137c43e58c15fe417d85491684cdb8da8f47863942b7cd0f5da5f67ae72b9d7851b1637e20089ca1ce1525a7409405824e47e

  • SSDEEP

    3072:UCFs0nvoeH7Y8sLAWoHcYvDwo1F5rFckAX8x:rnv12XuTFMkAsx

Malware Config

Extracted

Family

hancitor

Botnet

0804_549362

C2

http://reprathechim.com/4/forum.php

http://nothatribab.ru/4/forum.php

http://vetibutrew.ru/4/forum.php

Targets

    • Target

      1e65bf939edfa4648370fdf1b9615e6c_JaffaCakes118

    • Size

      108KB

    • MD5

      1e65bf939edfa4648370fdf1b9615e6c

    • SHA1

      0d00226040f05506ade9fed89c1542a25b93e181

    • SHA256

      4064ac41dbf2e965456b48d605e61387fbe7ba624b6dec7d8755d8040c17f171

    • SHA512

      de26e04c2f881115a246cc6c0ae137c43e58c15fe417d85491684cdb8da8f47863942b7cd0f5da5f67ae72b9d7851b1637e20089ca1ce1525a7409405824e47e

    • SSDEEP

      3072:UCFs0nvoeH7Y8sLAWoHcYvDwo1F5rFckAX8x:rnv12XuTFMkAsx

    • Hancitor

      Hancitor is downloader used to deliver other malware families.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks