- 2018-12-20 - HANCITOR MALSPAM FILE INFO:
- Initial Excel spreadsheet from: 47.90.254[.]148 using the following domains:
- FILE DETAILS:
- SHA256 hash: f6bfb82eb8bd80cb7f45d9d67f4c2ccf68340be0008fadc8381d75643a61c8e2
- File size: 257,536 bytes
- File name: invoice_194086.xls (random numbers in the file name)
- File description: Downloaded Excel spreadsheet with macros for Hancitor
- CAPE sandbox: https://cape.contextis.com/analysis/27870/
- Reverse.it: https://www.reverse.it/sample/f6bfb82eb8bd80cb7f45d9d67f4c2ccf68340be0008fadc8381d75643a61c8e2
- SHA256 hash: b0a6576e930a3a7c469537e9e229086b1c3b95b24fc5b0e9e474157016be1b59
- File size: 81,922 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\4CB52522.com
- File location: C:\Users\[username]\AppData\Local\Temp\6.pif
- File description: Hancitor malware binary
- CAPE sandbox: https://cape.contextis.com/analysis/27871/
- Reverse.it: https://www.reverse.it/sample/b0a6576e930a3a7c469537e9e229086b1c3b95b24fc5b0e9e474157016be1b59
- SHA256 hash: 5061f35b959d1a36808515a9ef02fa92b54bd0448e38c5d9eeab3a89d5c5e97a
- File size: 137,728 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\
- File description: Ursnif retrieved by Hancitor-infected host
- CAPE sandbox: https://cape.contextis.com/analysis/27872/
- Reverse.it: https://www.reverse.it/sample/5061f35b959d1a36808515a9ef02fa92b54bd0448e38c5d9eeab3a89d5c5e97a
- SHA256 hash: d797df921fa015b4b8db8d8a33f248bb62a6515bb60792802bc96ba094ee25b0
- File size: 345,088 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\
- File description: SmokeLoader retrieved by Hancitor-infected host
- CAPE sandbox: https://cape.contextis.com/analysis/27873/
- Reverse.it: https://www.reverse.it/sample/d797df921fa015b4b8db8d8a33f248bb62a6515bb60792802bc96ba094ee25b0