malware_traffic

File hashes from Hancitor infection on Monday 2019-07-22

Jul 22nd, 2019
FILE HASHES FROM HANCITOR INFECTION ON MONDAY 2019-07-22:

SHA256 hash: 906edebbf3746e1e090d99d0d95b73fd9792fc580fcfb6e9a96b31da9b130cd4
File size: 58,682 bytes
File name: 10703351608909_4400271827.zip
File description: Zip attachment from Hancitor malspam

SHA256 hash: 11a095ec826664ca0467187fe0cd4eb78b488232052c0f75c524081a5de33139
File size: 122,537 bytes
File name: 10703351608909_7812450780530.vbs
File description: Extracted VBS file from zip attachment from Hancitor malspam

SHA256 hash: 8dc83fec12b74d8efe7584241e8ac26c41262e70635ae7c405cfe7b4a819bddf
File size: 80,573 bytes
File location: C:\Users\[username]\AppData\Local\Temp\yddSomO.exe
File description: Hancitor malware binary dropped by VBS file (possibly detected as Amadey)

SHA256 hash: e7162b183bc1586d1dc4aa9f3cac8d52685dff269bf5fcab2b9dd389d0b2e64d
File size: 8 bytes
File location: C:\Users\[username]\AppData\Local\Temp\rFEoVZsY
File description: Text file that appeared the same time as the Hancitor malware binary listed above

SHA256 hash: d3c9cd2e0c333f932d87a42bd6bfc5089e63a5c7ec04552ec1afe1db56aec418
File size: 246,784 bytes
File location: hxxp://neu.x-sait[.]de/wp-content/plugins/mce-table-buttons/pp.exe
File location: C:\Users\[username]\AppData\Local\Temp\pp.exe
File description: Pony retrieved by Hancitor-infected Windows host

SHA256 hash: 7aa84b4ce4fbf937632d3008981c3ef8ff63e1ff846fdbb55060f3973d2507a9
File size: 258,560 bytes
File location: hxxp://neu.x-sait[.]de/wp-content/plugins/mce-table-buttons/4.exe
File location: C:\Users\[username]\AppData\Local\Temp\4.exe
File description: Ursnif retrieved by Hancitor-infected Windows host

SHA256 hash: 90c07dab9517f3a46da09a4b5b7910e3ac61577c5f3f7913d62cbd337d3e02df
File location: hxxp://ectcnepal[.]org/wp-includes/customize/a22.exe
File size: 118,784 bytes
File location: C:\Users\[username]\AppData\Local\Temp\a22.exe
File description: Binary retrieved by the Hancitor-infected Windows host that caused Cobalt Strike traffic

SHA256 hash: f4b5a8452b1ba2868e1fa129070db082797e893844e65dd051b306a76b60bf49
File size: 210,944 bytes
File location: hxxp://31.44.184[.]33/H7mp
File description: Cobalt Strike binary retrieved by the previous EXE listed above