2019-01-22 - Malware from Hancitor infection

malware_traffic, Jan 22nd, 2019

DOWNLOADED EXCEL SPREADSHEET WITH MACRO FOR HANCITOR:

- SHA256 hash: 76b96c8d796cfcebff34d42e65e5a4ab2770fda42ea3c259097ee068660dfcc2
- File size: 468,992 bytes
- File name: invoice_392690.xls (random numbers in the file name)
- Any.run sandbox: https://app.any.run/tasks/a1395b5b-8ad6-4149-8cbb-97bf91a7fe42
- CAPE sandbox: https://cape.contextis.com/analysis/31665/
- Reverse.it: https://www.reverse.it/sample/76b96c8d796cfcebff34d42e65e5a4ab2770fda42ea3c259097ee068660dfcc2

HANCITOR MALWARE BINARY:

- SHA256 hash: d16f1d82ace24ed81113f0ef315e96a2e4d8a28f848e33f59907078b9dd670a9
- File size: 77,312 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\6fsdFfa.com
- File location: C:\Users\[username]\AppData\Local\Temp\6.pif
- Any.run sandbox: https://app.any.run/tasks/b84b507f-a42a-427b-a53a-ec7e0a316858
- CAPE sandbox: https://cape.contextis.com/analysis/31666/
- Reverse.it: https://www.reverse.it/sample/d16f1d82ace24ed81113f0ef315e96a2e4d8a28f848e33f59907078b9dd670a9

URSNIF MALWARE BINARY:

- SHA256 hash: 4ef443dc917de8b83f54787d666f46aac66defd75d03446678e0900b214e5d2d
- File size: 153,600 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\BN7C9E.tmp (random hex characters in file name)
- Any.run sandbox: https://app.any.run/tasks/c2367bca-a419-4546-8003-6229c486f301
- CAPE sandbox: https://cape.contextis.com/analysis/31667/
- Reverse.it: https://www.reverse.it/sample/4ef443dc917de8b83f54787d666f46aac66defd75d03446678e0900b214e5d2d