- 2018-12-19 - Hancitor malspam file info
- Initial Excel spreadsheet from: 47.74.238[.]191 using the following domains:
- SHA256 hash: 627c6c64c1c4c7fca0cce96abcd8955f139410ecd8d82e03fe36af786b75891b
- File size: 523,264 bytes
- File name: invoice_012345.xls (random digits in the file name)
- File description: Downloaded Excel spreadsheet with macro for Hancitor
- CAPE sandbox analysis: https://cape.contextis.com/analysis/27647/
- Reverse.it analysis: https://www.reverse.it/sample/627c6c64c1c4c7fca0cce96abcd8955f139410ecd8d82e03fe36af786b75891b
- SHA256 hash: 70baae3ae48aa13a7e764c2608ab14edb89ede0765f8d1cbefd301b7c04eff34
- File size: 95,746 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\4CB52522.com
- File location: C:\Users\[username]\AppData\Local\Temp\6.pif
- File description: Hancitor malware (Windows executable file)
- CAPE sandbox analysis: https://cape.contextis.com/analysis/27648/
- Reverse.it analysis: https://www.reverse.it/sample/70baae3ae48aa13a7e764c2608ab14edb89ede0765f8d1cbefd301b7c04eff34
- SHA256 hash: 2bac8916741df425352e5c2220000abb3ffc1f92edadc16590d7d80aad41c07d
- File size: 256,512 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\BN3A60.tmp
- File description: Ursnif retrieved by Hancitor-infected host
- CAPE sandbox analysis: https://cape.contextis.com/analysis/27649/
- Reverse.it analysis: https://www.reverse.it/sample/2bac8916741df425352e5c2220000abb3ffc1f92edadc16590d7d80aad41c07d