malware_traffic

2019-02-12 - malware from Hancitor infection

Feb 12th, 2019
DOWNLOADED XLS SPREADSHEET:

- SHA256 hash: d6cb519566aa77b2996522c99edd5ff06069cbb6eb7b6a9f40e0ca80de449a7f
- File size: 120,832 bytes
- File name: invoice_322718.xls (random digits in the file name)
- Any.Run analysis: https://app.any.run/tasks/885624f8-a19e-4e99-a5b7-0701d4b560ae
- CAPE sandbox: https://cape.contextis.com/analysis/36638/
- Reverse.it: https://www.reverse.it/sample/d6cb519566aa77b2996522c99edd5ff06069cbb6eb7b6a9f40e0ca80de449a7f

HANCITOR MALWARE BINARY:

- SHA256 hash: 5cba28ccdc33258e580209009510934c235d177692cc1330d896e2fcab0d075b
- File size: 262,920 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\file.exe
- Any.Run analysis: https://app.any.run/tasks/de7b77a1-bed6-4b58-a337-c3511642d9b8
- CAPE sandbox: https://cape.contextis.com/analysis/36640/
- Reverse.it: https://www.reverse.it/sample/5cba28ccdc33258e580209009510934c235d177692cc1330d896e2fcab0d075b

FOLLOW-UP URSNIF MALWARE:

- SHA256 hash: 885e5402aa8554edcae0b5a52f4c120699364b60208b0353de0440f81ea5a2b4
- File size: 117,760 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\BN5328.tmp (random digits in the file name)
- Any.Run analysis: https://app.any.run/tasks/07bc44e5-1a65-43e5-b7af-8f0615d6052f
- CAPE sandbox: https://cape.contextis.com/submit/status/36642/
- Reverse.it: https://www.reverse.it/sample/885e5402aa8554edcae0b5a52f4c120699364b60208b0353de0440f81ea5a2b4