File hashes from Hancitor infection on Monday 2019-07-22

malware_traffic Jul 22nd, 2019
  1. FILE HASHES FROM HANCITOR INFECTION ON MONDAY 2019-07-22:
  2.  
  3. SHA256 hash: 906edebbf3746e1e090d99d0d95b73fd9792fc580fcfb6e9a96b31da9b130cd4
  4. File size: 58,682 bytes
  5. File name: 10703351608909_4400271827.zip
  6. File description: Zip attachment from Hancitor malspam
  7.  
  8. SHA256 hash: 11a095ec826664ca0467187fe0cd4eb78b488232052c0f75c524081a5de33139
  9. File size: 122,537 bytes
  10. File name: 10703351608909_7812450780530.vbs
  11. File description: Extracted VBS file from zip attachment from Hancitor malspam
  12.  
  13. SHA256 hash: 8dc83fec12b74d8efe7584241e8ac26c41262e70635ae7c405cfe7b4a819bddf
  14. File size: 80,573 bytes
  15. File location: C:\Users\[username]\AppData\Local\Temp\yddSomO.exe
  16. File description: Hancitor malware binary dropped by VBS file (possibly detected as Amadey)
  17.  
  18. SHA256 hash: e7162b183bc1586d1dc4aa9f3cac8d52685dff269bf5fcab2b9dd389d0b2e64d
  19. File size: 8 bytes
  20. File location: C:\Users\[username]\AppData\Local\Temp\rFEoVZsY
  21. File description: Text file that appeared the same time as the Hancitor malware binary listed above
  22.  
  23. SHA256 hash: d3c9cd2e0c333f932d87a42bd6bfc5089e63a5c7ec04552ec1afe1db56aec418
  24. File size: 246,784 bytes
  25. File location: hxxp://neu.x-sait[.]de/wp-content/plugins/mce-table-buttons/pp.exe
  26. File location: C:\Users\[username]\AppData\Local\Temp\pp.exe
  27. File description: Pony retrieved by Hancitor-infected Windows host
  28.  
  29. SHA256 hash: 7aa84b4ce4fbf937632d3008981c3ef8ff63e1ff846fdbb55060f3973d2507a9
  30. File size: 258,560 bytes
  31. File location: hxxp://neu.x-sait[.]de/wp-content/plugins/mce-table-buttons/4.exe
  32. File location: C:\Users\[username]\AppData\Local\Temp\4.exe
  33. File description: Ursnif retrieved by Hancitor-infected Windows host
  34.  
  35. SHA256 hash: 90c07dab9517f3a46da09a4b5b7910e3ac61577c5f3f7913d62cbd337d3e02df
  36. File location: hxxp://ectcnepal[.]org/wp-includes/customize/a22.exe
  37. File size: 118,784 bytes
  38. File location: C:\Users\[username]\AppData\Local\Temp\a22.exe
  39. File description: Binary retrieved by the Hancitor-infected Windows host that caused Cobalt Strike traffic
  40.  
  41. SHA256 hash: f4b5a8452b1ba2868e1fa129070db082797e893844e65dd051b306a76b60bf49
  42. File size: 210,944 bytes
  43. File location: hxxp://31.44.184[.]33/H7mp
  44. File description: Cobalt Strike binary retrieved by the previous EXE listed above