Hancitor Malware Analysis

File Properties

SHA256: 533aac672d8b5bf749eb282b985765fec5f5fd5c2e4b5c27935b7f3d2dfbc9cc

MD5: 5c8a1beaef7e504654fefcfe369a2009

File Type: doc

Size: 1,117,696 bytes

First Seen: 2021-05-20

AV Signature: Hancitor

Reported by: TeamDreier

Tags: Hancitor

Static analysis: metadata-based (sample not downloaded)

Hancitor — Malware Profile

Hancitor (also known as Chanitor) is an email-delivered dropper. It has been distributed disguised as PuTTY SSH and acts as a dropper for Cobalt Strike and Ficker.

Malware Type: Loader
Programming Language: C
C2 Protocol: HTTP
Target Systems: Windows

Technical Details

Loader family: HTTP/HTTPS C2, payload decryption and in-memory loading, anti-sandbox/VM checks, process injection, a persistence mechanism, and a download-and-execute chain for the payload.

Capabilities & Behavior

Payload Download
Process Injection
Modular Architecture
Credential Theft
Lateral Movement
Persistence
Anti-VM/Sandbox
Secondary Payload Delivery

IOC List (1 indicator)

IOC — Hancitor

Type      Value                                                             Note
filepath  533aac672d8b5bf749eb282b985765fec5f5fd5c2e4b5c27935b7f3d2dfbc9cc  PDB

C2 Servers (1 recorded servers for this family)

Address       Type  Port  Protocol  Status     Country
5.61.46.161   ip    80    HTTP      sinkholed  UA

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.

Tags
Hancitor