2019-01-23 - malware from Hancitor infection

malware_traffic, Jan 23rd, 2019

2019-01-23 - MALWARE FROM HANCITOR INFECTION

DOWNLOADED EXCEL SPREADSHEET WITH MACRO FOR HANCITOR:

- SHA256 hash: 56c788830f77316f6f5372446e8553ae28222e9d58c8343cd944f9ce7b4cb936
- File size: 279,552 bytes
- File name: invoice_725109.xls (random numbers in the file name)
- Any.run sandbox: https://app.any.run/tasks/9f526490-9458-4e02-9589-43018ccca76f
- CAPE sandbox: https://cape.contextis.com/analysis/31962/
- Reverse.it: https://www.reverse.it/sample/56c788830f77316f6f5372446e8553ae28222e9d58c8343cd944f9ce7b4cb936

HANCITOR MALWARE BINARY:

- SHA256 hash: 6b217a9d1a1bc1974b00a35bcce8b4bd282daf2053f819fff8fa048eaf7f6853
- File size: 101,376 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\6fsdFfa.com
- File location: C:\Users\[username]\AppData\Local\Temp\6.pif
- Any.run sandbox: https://app.any.run/tasks/d40187e2-ae00-49a2-b4ac-cfedd9caf180
- CAPE sandbox: https://cape.contextis.com/analysis/31963/
- https://www.reverse.it/sample/6b217a9d1a1bc1974b00a35bcce8b4bd282daf2053f819fff8fa048eaf7f6853

URSNIF MALWARE BINARY:

- SHA256 hash: d8e22774d0dcc693af1465150de8cc828953ab4d05682cd44695c1a9ec7830f7
- File size: 132,096 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\BND142.tmp (random Hex characters in file name)
- Any.run sandbox: https://app.any.run/tasks/206294fa-8cb5-4e56-856b-16b6575b052d
- CAPE sandbox: https://cape.contextis.com/analysis/31964/
- https://www.reverse.it/sample/d8e22774d0dcc693af1465150de8cc828953ab4d05682cd44695c1a9ec7830f7