MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 293d8e49687debac46ec1a4102b0d84df1ecb837ebe1e131e0362238c4063ff8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Hancitor


Vendor detections: 7



SHA256 hash: 293d8e49687debac46ec1a4102b0d84df1ecb837ebe1e131e0362238c4063ff8
SHA3-384 hash: ad9577c85849aab2b8c53b48971f0d0234b37ba2dc5b19d69fe76a30e17e6b312fd641475aec07502043627d6ada4f0f
SHA1 hash: 476677812230979a66b7abf78a8c33b492d3e3bc
MD5 hash: 9192898fc88c5b21d72e86e04cd7a23f
humanhash: maine-summer-fix-sixteen
File name: ya.wav.dll
Signature: Hancitor
File size: 335'872 bytes
First seen: 2020-12-01 15:23:08 UTC
Last seen: 2020-12-01 16:51:53 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: d5dfc4d93fc16c6071bfa36b88f58fd7 (1 x Hancitor)
ssdeep: 6144:sd2bqBKCqU13RvZYZyrQMzLG5SAs7iXZSOU5BAJSVAj/wZHD:sd0qACqW3RvZxv4vs7/ztAj
Threatray: 19 similar samples on MalwareBazaar
TLSH: B064E191B2D0D8B1C42240398859CB28977E7E78BF65828776FC7D9F3FB21C16936246
Reporter: James_inthe_box
Tags: dll Hancitor

Intelligence


File Origin
# of uploads: 2
# of downloads: 510
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending an HTTP GET request
Sending an HTTP POST request
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: suspicious
Classification: evad
Score: 22 / 100
Signature
Found potential dummy code loops (likely to delay analysis)
Behaviour
Behavior Graph ID: 325366
Sample: ya.wav.dll
Startdate: 01/12/2020
Architecture: WINDOWS
Score: 22
Process tree: loaddll32.exe started three rundll32.exe processes
Signatures: Found potential dummy code loops (likely to delay analysis), raised on one of the rundll32.exe processes
Threat name: Win32.Trojan.Hancitor
Status: Malicious
First seen: 2020-12-01 15:22:57 UTC
File Type: PE (Dll)
Extracted files: 13
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Blacklisted process makes network request
Unpacked files
SHA256 hash: 1a9e9feb2f4561a2bec07309fd95cb419d57d9ca0c892ae66dae0d12321fa4ca
MD5 hash: b7d3613b4bb56e54bfcd40c9aa551c1e
SHA1 hash: c0960f2d17a9316f8e0e76df16e215bdf6c8b7a3
Detections: win_hancitor_auto
SHA256 hash: 293d8e49687debac46ec1a4102b0d84df1ecb837ebe1e131e0362238c4063ff8
MD5 hash: 9192898fc88c5b21d72e86e04cd7a23f
SHA1 hash: 476677812230979a66b7abf78a8c33b492d3e3bc
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments