2019-01-16 - malware from Hancitor infection

malware_traffic, Jan 16th, 2019
2019-01-16 - MALWARE FROM HANCITOR INFECTION

DOWNLOADED EXCEL SPREADSHEET WITH MACRO FOR HANCITOR:

- SHA256 hash: b5818529e226a30591eb4cddee881538f19509dd139e099bb056d8e8ce5ac055
- File size: 274,432 bytes
- File name: invoice_947531.xls (random numbers in the file name)
- Any.run sandbox: https://app.any.run/tasks/af037870-46b3-46d3-9f9d-a2f1da21ecf0
- CAPE sandbox: https://cape.contextis.com/analysis/30361/
- Reverse.it: https://www.reverse.it/sample/b5818529e226a30591eb4cddee881538f19509dd139e099bb056d8e8ce5ac055

HANCITOR MALWARE BINARY:

- SHA256 hash: 1199b24d407ccdddf83fafaf8d63e971edaafded99214bee6b2ad4906729e4d7
- File size: 94,210 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\6fsdFfa.com
- File location: C:\Users\[username]\AppData\Local\Temp\6.pif
- Any.run sandbox: https://app.any.run/tasks/bf1b5196-9777-42f9-9b95-b223f649aec6
- CAPE sandbox: https://cape.contextis.com/analysis/30363/
- Reverse.it: https://www.reverse.it/sample/1199b24d407ccdddf83fafaf8d63e971edaafded99214bee6b2ad4906729e4d7

URSNIF MALWARE BINARY:

- SHA256 hash: d31f2993ec21c24064ce1f2987e10bfe271103880777b476c0d1812423c1c4b0
- File size: 236,032 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\BNCD5C.tmp (random hex characters in the file name)
- Any.run sandbox: https://app.any.run/tasks/f66e551c-32d9-472e-84fb-8655c465c518
- CAPE sandbox: https://cape.contextis.com/analysis/30370/
- Reverse.it: https://www.reverse.it/sample/d31f2993ec21c24064ce1f2987e10bfe271103880777b476c0d1812423c1c4b0