Guest User

2018-12-19 - Hancitor malspam file info

a guest
Dec 19th, 2018
638
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. 2018-12-19 - Hancitor malspam file info
  2.  
  3. Initial Excel spreadsheet from: 47.74.238[.]191 using the following domains:
  4.  
  5. raskinlegal[.]com
  6. threadbasic[.]com
  7. j3biosciences[.]com
  8. healthmarketplus[.]com
  9. lajecreations[.]com
  10. indianaworkwear[.]com
  11. bulkreolist[.]com
  12. j3bioscience[.]com
  13. visionsportmotors[.]com
  14. rflippinbusiness[.]com
  15.  
  16. SHA256 hash: 627c6c64c1c4c7fca0cce96abcd8955f139410ecd8d82e03fe36af786b75891b
  17. File size: 523,264 bytes
  18. File name: invoice_012345.xls (random digits in the file name)
  19. File description: Downoaded Excel spreadsheet with macro for Hancitor
  20. CAPE sandbox analysis: https://cape.contextis.com/analysis/27647/
  21. Reverse.it analysis: https://www.reverse.it/sample/627c6c64c1c4c7fca0cce96abcd8955f139410ecd8d82e03fe36af786b75891b
  22.  
  23. SHA256 hash: 70baae3ae48aa13a7e764c2608ab14edb89ede0765f8d1cbefd301b7c04eff34
  24. File size: 95,746 bytes
  25. File location: C:\Users\[username]\AppData\Local\Temp\4CB52522.com
  26. File location: C:\Users\[username]\AppData\Local\Temp\6.pif
  27. File description: Hancitor malware (Windows executable file)
  28. CAPE sandbox analysis: https://cape.contextis.com/analysis/27648/
  29. Reverse.it analysis: https://www.reverse.it/sample/70baae3ae48aa13a7e764c2608ab14edb89ede0765f8d1cbefd301b7c04eff34
  30.  
  31. SHA256 hash: 2bac8916741df425352e5c2220000abb3ffc1f92edadc16590d7d80aad41c07d
  32. File size: 256,512 bytes
  33. File location: C:\Users\[username]\AppData\Local\Temp\BN3A60.tmp
  34. File description: Ursnif retrieved by Hancitor infected host
  35. CAPE sandbox analysis: https://cape.contextis.com/analysis/27649/
  36. Reverse.it analysis: https://www.reverse.it/sample/2bac8916741df425352e5c2220000abb3ffc1f92edadc16590d7d80aad41c07d
RAW Paste Data