2019-01-28 - malware from Hancitor infection

malware_traffic, Jan 28th, 2019
DOWNLOADED EXCEL SPREADSHEET WITH MACRO FOR HANCITOR:

- SHA256 hash: b30ef32b7d7cb31183dafe14c1cc06b4511674af5aa212f2fdf6f1aea4aab154
- File size: 288,768 bytes
- File name: invoice_240831.xls (random numbers in the file name)
- Any.run sandbox: https://app.any.run/tasks/5871545b-fd7d-4312-bfd3-fe29a6cc91f2
- CAPE sandbox: https://cape.contextis.com/analysis/33173/
- Reverse.it: https://www.reverse.it/sample/b30ef32b7d7cb31183dafe14c1cc06b4511674af5aa212f2fdf6f1aea4aab154

HANCITOR MALWARE BINARY:

- SHA256 hash: d63b932fcdc8f217809347d0f5b1bd95ffebb5441645c344c476c74ebced9d45
- File size: 101,376 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\6fsdFfa.com
- File location: C:\Users\[username]\AppData\Local\Temp\6.pif
- Any.run sandbox: https://app.any.run/tasks/f7d65036-f36c-4fc5-b96b-00032a8bd06e
- CAPE sandbox: https://cape.contextis.com/analysis/33174/
- Reverse.it: https://www.reverse.it/sample/d63b932fcdc8f217809347d0f5b1bd95ffebb5441645c344c476c74ebced9d45

URSNIF MALWARE BINARY:

- SHA256 hash: 020f67d07f8fe0aec158efbfe8d7d2c17209c680e083a1edb722c30a51b97f8b
- File size: 137,216 bytes
- File location: C:\Users\[username]\AppData\Local\Temp\BNE945.tmp (random Hex characters in file name)
- Any.run sandbox: https://app.any.run/tasks/0377427a-b5f8-4eb2-80c0-910538403cc4
- CAPE sandbox: https://cape.contextis.com/analysis/33176/
- Reverse.it: https://www.reverse.it/sample/020f67d07f8fe0aec158efbfe8d7d2c17209c680e083a1edb722c30a51b97f8b