malware_traffic

2019-01-22 - Malware from Hancitor infection

Jan 22nd, 2019
DOWNLOADED EXCEL SPREADSHEET WITH MACRO FOR HANCITOR:

- SHA256 hash: 76b96c8d796cfcebff34d42e65e5a4ab2770fda42ea3c259097ee068660dfcc2
- File size: 468,992 bytes
- File name: invoice_392690.xls (random numbers in the file name)
- Any.run sandbox: https://app.any.run/tasks/a1395b5b-8ad6-4149-8cbb-97bf91a7fe42
- CAPE sandbox: https://cape.contextis.com/analysis/31665/
- Reverse.it: https://www.reverse.it/sample/76b96c8d796cfcebff34d42e65e5a4ab2770fda42ea3c259097ee068660dfcc2

HANCITOR MALWARE BINARY:

- SHA256 hash: d16f1d82ace24ed81113f0ef315e96a2e4d8a28f848e33f59907078b9dd670a9
- File size: 77,312 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\6fsdFfa.com
- File location: C:\Users\[username]\AppData\Local\Temp\6.pif
- Any.run sandbox: https://app.any.run/tasks/b84b507f-a42a-427b-a53a-ec7e0a316858
- CAPE sandbox: https://cape.contextis.com/analysis/31666/
- Reverse.it: https://www.reverse.it/sample/d16f1d82ace24ed81113f0ef315e96a2e4d8a28f848e33f59907078b9dd670a9

URSNIF MALWARE BINARY:

- SHA256 hash: 4ef443dc917de8b83f54787d666f46aac66defd75d03446678e0900b214e5d2d
- File size: 153,600 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\BN7C9E.tmp (random hex characters in the file name)
- Any.run sandbox: https://app.any.run/tasks/c2367bca-a419-4546-8003-6229c486f301
- CAPE sandbox: https://cape.contextis.com/analysis/31667/
- Reverse.it: https://www.reverse.it/sample/4ef443dc917de8b83f54787d666f46aac66defd75d03446678e0900b214e5d2d