Hancitor data for Tuesday 2018-12-18

a guest
Dec 18th, 2018

Some domains used in links from the emails to download the initial Excel spreadsheet:

- co2meter[.]in
- co2meters[.]co
- co2meters[.]us
- gaslab[.]kr
- gaslab[.]mx

SHA256 hash: 79b1d08d8afc60e72518db75615af3d232d86809ea75881fa10af7e5736adc4a
File size: 521,728 bytes
File name: invoice_012345.xls (random numbers in the file name)
File description: Excel spreadsheet with macro to drop Hancitor binary
Sample available at: https://cape.contextis.com/analysis/27376/
Sample available at: https://www.reverse.it/sample/79b1d08d8afc60e72518db75615af3d232d86809ea75881fa10af7e5736adc4a

SHA256 hash: 14fca96dd1d99d7e9bfcd9a830294ce0488b357cf2b4c0898f798e40c0efd248
File size: 94,210 bytes
File location: C:\Users\[username]\AppData\Local\Temp\4CB52522.com
File location: C:\Users\[username]\AppData\Local\Temp\6.exe
File location: C:\Users\[username]\AppData\Local\Temp\6.pif
File description: Hancitor malware binary
Sample available at: https://cape.contextis.com/analysis/27374/
Sample available at: https://www.reverse.it/sample/14fca96dd1d99d7e9bfcd9a830294ce0488b357cf2b4c0898f798e40c0efd248

SHA256 hash: 35c58b14a3e5526cac8bbc1cb43d56ba5947b1de0c5f3c9fd9b9bd4f25685fc3
File size: 225,280 bytes
File location: C:\Users\[username]\AppData\Local\Temp\BN52C1.tmp
File description: Ursnif retrieved by Hancitor-infected host
Sample available at: https://cape.contextis.com/analysis/27375/
Sample available at: https://www.reverse.it/sample/35c58b14a3e5526cac8bbc1cb43d56ba5947b1de0c5f3c9fd9b9bd4f25685fc3