malware_traffic

2019-02-25 - malware from Hancitor infection

Feb 25th, 2019

DOWNLOADED XLS SPREADSHEET:

- SHA256 hash: 88b8d1e2f314a82c68dd106fc233231e2dffd05653d4a8ce57341fd611940fe4
- File size: 131,584 bytes
- File name: invoice_866630.xls (random digits in the file name)
- Any.Run analysis: https://app.any.run/tasks/f270c71e-6e06-4aac-bb80-bd14cbb4ffe7
- CAPE sandbox: https://cape.contextis.com/analysis/40068/
- Reverse.it: https://www.reverse.it/sample/88b8d1e2f314a82c68dd106fc233231e2dffd05653d4a8ce57341fd611940fe4

HANCITOR MALWARE BINARY:

- SHA256 hash: 81ebc53905826f9edb4960d3a678196038f5be2f0c145468f8391232ed6793c6
- File size: 70,144 bytes
- File location: hxxp://martingr[.]com/wp-content/plugins/thefox_cp/m.exe
- File location: C:\Users\[username]\AppData\Local\Temp\file.exe
- Any.Run analysis: https://app.any.run/tasks/d52763aa-46f6-401c-86f6-b8a4d05f7280
- CAPE sandbox: https://cape.contextis.com/analysis/40069/
- Reverse.it: https://www.reverse.it/sample/81ebc53905826f9edb4960d3a678196038f5be2f0c145468f8391232ed6793c6

FOLLOW-UP URSNIF MALWARE:

- SHA256 hash: d5fe93661b1bf142cdda1716dfa032ba8c7e98ae7c52be20e13056f6effbf00c
- File size: 104,960 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\BN21C2.tmp (random digits in the file name)
- Any.Run analysis: https://app.any.run/tasks/298842ce-268c-4920-8535-59610a138cf1
- CAPE sandbox: https://cape.contextis.com/analysis/40070/
- Reverse.it: https://www.reverse.it/sample/d5fe93661b1bf142cdda1716dfa032ba8c7e98ae7c52be20e13056f6effbf00c