Hancitor Malware Analysis

File Properties

SHA256: ac02178130b893464873716fdf3cba6622066b14285f1be7fc3eccacd68ef3b9

MD5: bdb98e377bd0ba0a81bd4bbeba61037d

File Type: DLL

Size: 385,024 bytes

First Seen: 2021-05-19

AV Signature: Hancitor

Imphash: 5b6f1e54c18c3a808311a9312820fac9

Reporter: malware_traffic

Tags: Chanitor, dll, Hancitor, MAN1, Moskalvzapoe, TA511

Static analysis: metadata-based (the sample itself was not downloaded)
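The Imphash listed above is the MD5 of a canonical string built from the PE import table, which is why samples compiled from the same source with the same linker settings share it while a repack that resolves imports dynamically breaks the cluster. The following is an added example, not code from the page or from the sample: it reproduces the pefile normalisation rules (lower-case module name with .dll/.ocx/.sys stripped, lower-case function name, imports by ordinal rendered as ordN) over a constructed import table. The well-known-ordinal name lookup that pefile applies for ws2_32/wsock32/oleaut32 is omitted here, so every ordinal becomes ordN; the import list is made up and is not the Hancitor sample's real import table.

```python
import hashlib

# Module extensions that pefile strips before hashing.
STRIPPED_EXTS = ("dll", "ocx", "sys")


def normalise_module(dll_name):
    """Lower-case the module name and drop a trailing .dll/.ocx/.sys."""
    name = dll_name.lower()
    base, sep, ext = name.rpartition(".")
    if sep and ext in STRIPPED_EXTS:
        return base
    return name


def imphash_string(imports):
    """Build the canonical 'module.function,module.function,...' string.

    `imports` is a list of (dll_name, function_name_or_ordinal) pairs in the
    order they appear in the PE import directory. An int means an import by
    ordinal. pefile resolves a few well-known ordinals back to names; that
    table is omitted (assumption/simplification), so every ordinal is written
    as 'ordN', which is pefile's fallback for unknown ordinals.
    """
    parts = []
    for dll_name, func in imports:
        module = normalise_module(dll_name)
        func_name = "ord%d" % func if isinstance(func, int) else func.lower()
        parts.append("%s.%s" % (module, func_name))
    return ",".join(parts)


def md5_hex(data):
    """Hex MD5 of a str (UTF-8) or bytes value."""
    if isinstance(data, str):
        data = data.encode("utf-8")
    return hashlib.md5(data).hexdigest()


def imphash(imports):
    """Import hash: MD5 of the canonical import string."""
    return md5_hex(imphash_string(imports))


# Constructed import table for illustration (NOT the real sample's imports).
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "VirtualAlloc"),
    ("KERNEL32.dll", "CreateThread"),
    ("WININET.dll", "InternetOpenA"),
    ("WININET.dll", "HttpSendRequestA"),
    ("ADVAPI32.dll", 1234),
]

# Same imports, two entries swapped: order is part of the hash input, so the
# imphash changes even though the set of imported functions is identical.
REORDERED_IMPORTS = [SAMPLE_IMPORTS[1], SAMPLE_IMPORTS[0]] + SAMPLE_IMPORTS[2:]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
    print(imphash(REORDERED_IMPORTS))
```

When pivoting on the Imphash value above in a sample repository, remember that it clusters build artefacts, not authorship: a packer stub or a loader that resolves its real imports at run time will hash the stub's imports, not the payload's.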

Hancitor — Malware Profile

Hancitor (also tracked as Chanitor) is an email-delivered dropper/loader. It has been observed disguised as the PuTTY SSH client and used to drop Cobalt Strike and the Ficker stealer.

Malware Type: Loader
Programming Language: C
C2 Protocol: HTTP
Target Systems: Windows

Technical Details

Loader family traits: HTTP/HTTPS C2, payload decryption and in-memory loading, anti-sandbox/VM checks, process injection, a persistence mechanism, and a download-and-execute chain for the follow-on payload.

Capabilities & Behavior

Payload Download
Process Injection
Modular Architecture
Credential Theft
Lateral Movement
Persistence
Anti-VM/Sandbox
Secondary Payload Delivery

IOC List (1 indicator)

IOC — Hancitor

Type     Value                                                             Note
sha256   ac02178130b893464873716fdf3cba6622066b14285f1be7fc3eccacd68ef3b9  sample hash (same SHA256 as in File Properties)

Caveat: the source entry is typed "filepath" with the note "PDB", but the value is the sample's SHA-256 hash, not a file path or a PDB path. Treat it as a file-hash indicator, and do not expect a PDB string from this record.

C2 Servers (1 recorded server for this family)

Address      Type  Port  Protocol  Status     Country
5.61.46.161  ip    80    HTTP      sinkholed  UA

C2 addresses are provided only from malware samples manually verified by the KEYDAL team. Commercial use is prohibited.
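The one recorded C2 address is marked sinkholed, which changes what a hit means: a host that reaches it did attempt a Hancitor check-in, but the server that answered is the sinkhole, not the operator. The following is an added example, not code from the page or from the KEYDAL team: it matches Zeek-style conn.log records against the C2 entry above, keeps address-only matches on an unexpected port as lower-confidence hits (the address is the indicator; port 80 is what was observed, not a protocol invariant), and labels every hit with the sinkhole status so the analyst does not escalate it as live C2. The log lines are constructed for illustration and the six-column layout (ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) is an assumption, not a real capture.

```python
import ipaddress

# C2 indicator recorded on this profile page.
HANCITOR_C2 = {
    "5.61.46.161": {"port": 80, "protocol": "HTTP", "status": "sinkholed", "country": "UA"},
}

# Constructed Zeek-style conn.log lines (tab-separated: ts, id.orig_h, id.orig_p,
# id.resp_h, id.resp_p, proto). Not real traffic; the column set is an assumption.
SAMPLE_CONN_LOG = """\
#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1621400000.000\t10.0.0.5\t49152\t5.61.46.161\t80\ttcp
1621400001.000\t10.0.0.5\t49153\t93.184.216.34\t443\ttcp
1621400002.000\t10.0.0.7\t49200\t5.61.46.161\t8080\ttcp
1621400003.000\t10.0.0.9\t49301\t10.0.0.1\t53\tudp
"""


def parse_conn_line(line):
    """Parse one six-column conn record; raise on malformed input.

    Validation matters here: a line that fails to parse must not be silently
    skipped, or a malformed record could hide a real check-in.
    """
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 6:
        raise ValueError("unexpected field count in conn record: %r" % line)
    ts, src, sport, dst, dport, proto = fields
    ipaddress.ip_address(src)
    ipaddress.ip_address(dst)
    return {"ts": float(ts), "src": src, "sport": int(sport),
            "dst": dst, "dport": int(dport), "proto": proto}


def match_c2(log_text, iocs=HANCITOR_C2):
    """Return a list of hits for connections whose destination is a listed C2.

    match == "ip+port": destination address and port both match the record.
    match == "ip-only": address matches on another port; still reported, at
    lower confidence, because the address is the indicator.
    """
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):   # Zeek header/comment lines
            continue
        ev = parse_conn_line(line)
        ioc = iocs.get(ev["dst"])
        if ioc is None:
            continue
        match = "ip+port" if ev["dport"] == ioc["port"] else "ip-only"
        if ioc["status"] == "sinkholed":
            note = ("address is sinkholed: host attempted a Hancitor check-in, "
                    "but the responder is a sinkhole, not the operator's C2; "
                    "triage the source host, do not treat as live C2")
        else:
            note = "address listed as %s C2" % ioc["status"]
        hits.append({"ts": ev["ts"], "src": ev["src"], "dst": ev["dst"],
                     "dport": ev["dport"], "match": match,
                     "status": ioc["status"], "note": note})
    return hits


if __name__ == "__main__":
    for hit in match_c2(SAMPLE_CONN_LOG):
        print("%(src)s -> %(dst)s:%(dport)d [%(match)s, %(status)s] %(note)s" % hit)
```

A sinkholed hit is still an incident on the source host (something on it is running the loader and trying to call home); it is the severity of the network side that drops, not the need to investigate the endpoint.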

Tags
Chanitor, dll, Hancitor, MAN1, Moskalvzapoe