- Hancitor data for Tuesday 2018-12-18:
- Some domains used in links from the emails to download the initial Excel spreadsheet:
- - co2meter[.]in
- - co2meters[.]co
- - co2meters[.]us
- - gaslab[.]kr
- - gaslab[.]mx
- SHA256 hash: 79b1d08d8afc60e72518db75615af3d232d86809ea75881fa10af7e5736adc4a
- File size: 521,728 bytes
- File name: invoice_012345.xls (random numbers in the file name)
- File description: Excel spreadsheet with macro to drop Hancitor binary
- Sample available at: https://cape.contextis.com/analysis/27376/
- Sample available at: https://www.reverse.it/sample/79b1d08d8afc60e72518db75615af3d232d86809ea75881fa10af7e5736adc4a
- SHA256 hash: 14fca96dd1d99d7e9bfcd9a830294ce0488b357cf2b4c0898f798e40c0efd248
- File size: 94,210 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\4CB52522.com
- File location: C:\Users\[username]\AppData\Local\Temp\6.exe
- File location: C:\Users\[username]\AppData\Local\Temp\6.pif
- File description: Hancitor malware binary
- Sample available at: https://cape.contextis.com/analysis/27374/
- Sample available at: https://www.reverse.it/sample/14fca96dd1d99d7e9bfcd9a830294ce0488b357cf2b4c0898f798e40c0efd248
- SHA256 hash: 35c58b14a3e5526cac8bbc1cb43d56ba5947b1de0c5f3c9fd9b9bd4f25685fc3
- File size: 225,280 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\BN52C1.tmp
- File description: Ursnif retrieved by Hancitor-infected host
- Sample available at: https://cape.contextis.com/analysis/27375/
- Sample available at: https://www.reverse.it/sample/35c58b14a3e5526cac8bbc1cb43d56ba5947b1de0c5f3c9fd9b9bd4f25685fc3