- FILE HASHES FROM HANCITOR INFECTION ON MONDAY 2019-07-22:
- SHA256 hash: 906edebbf3746e1e090d99d0d95b73fd9792fc580fcfb6e9a96b31da9b130cd4
- File size: 58,682 bytes
- File name: 10703351608909_4400271827.zip
- File description: Zip attachment from Hancitor malspam
- SHA256 hash: 11a095ec826664ca0467187fe0cd4eb78b488232052c0f75c524081a5de33139
- File size: 122,537 bytes
- File name: 10703351608909_7812450780530.vbs
- File description: Extracted VBS file from zip attachment from Hancitor malspam
- SHA256 hash: 8dc83fec12b74d8efe7584241e8ac26c41262e70635ae7c405cfe7b4a819bddf
- File size: 80,573 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\yddSomO.exe
- File description: Hancitor malware binary dropped by VBS file (possibly detected as Amadey)
- SHA256 hash: e7162b183bc1586d1dc4aa9f3cac8d52685dff269bf5fcab2b9dd389d0b2e64d
- File size: 8 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\rFEoVZsY
- File description: Text file that appeared the same time as the Hancitor malware binary listed above
- SHA256 hash: d3c9cd2e0c333f932d87a42bd6bfc5089e63a5c7ec04552ec1afe1db56aec418
- File size: 246,784 bytes
- File location: hxxp://neu.x-sait[.]de/wp-content/plugins/mce-table-buttons/pp.exe
- File location: C:\Users\[username]\AppData\Local\Temp\pp.exe
- File description: Pony retrieved by Hancitor-infected Windows host
- SHA256 hash: 7aa84b4ce4fbf937632d3008981c3ef8ff63e1ff846fdbb55060f3973d2507a9
- File size: 258,560 bytes
- File location: hxxp://neu.x-sait[.]de/wp-content/plugins/mce-table-buttons/4.exe
- File location: C:\Users\[username]\AppData\Local\Temp\4.exe
- File description: Ursnif retrieved by Hancitor-infected Windows host
- SHA256 hash: 90c07dab9517f3a46da09a4b5b7910e3ac61577c5f3f7913d62cbd337d3e02df
- File size: 118,784 bytes
- File location: hxxp://ectcnepal[.]org/wp-includes/customize/a22.exe
- File location: C:\Users\[username]\AppData\Local\Temp\a22.exe
- File description: Binary retrieved by the Hancitor-infected Windows host that caused Cobalt Strike traffic
- SHA256 hash: f4b5a8452b1ba2868e1fa129070db082797e893844e65dd051b306a76b60bf49
- File size: 210,944 bytes
- File location: hxxp://31.44.184[.]33/H7mp
- File description: Cobalt Strike binary retrieved by the previous EXE listed above