MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56e6ed39784fcc4c9b1898a672c06c83b7a3b8ffbbdf90223e52e4865fa183bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Hancitor


Vendor detections: 6



SHA256 hash: 56e6ed39784fcc4c9b1898a672c06c83b7a3b8ffbbdf90223e52e4865fa183bc
SHA3-384 hash: c1b04bda823390e513f7b64f30b2b2895156826d267093b9c7ad3b78e82ed21a8f0edba5e5afe4c08fbd9ecff7eb047e
SHA1 hash: b52357fb3f02b9d8d1e01057172541876a75b1ff
MD5 hash: 4606ecdd6dc02f2e2f3a699720d7031c
humanhash: stairway-timing-maryland-south
File name: W0rd.dll
Signature: Hancitor
File size: 452'608 bytes
First seen: 2020-11-18 15:10:14 UTC
Last seen: 2020-11-18 15:41:57 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 1a786237f0d331ca4a05c48921e0a8ef (1 x Hancitor)
ssdeep: 12288:5jpBOaFGyokkn7QljuI2hJdC3ZzoNSBr:5XOaFefgCIn
Threatray: 24 similar samples on MalwareBazaar
TLSH: 85A4AE21E7A50821F337073454B78062CAFC7E8195BCCD9A71CB241E2D5B6F5A678B4E
Reporter: malware_traffic
Tags: dll Hancitor

Intelligence


File Origin
# of uploads: 2
# of downloads: 386
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: clean
Classification: n/a
Score: 3 / 100
Behaviour
Behavior Graph: n/a
Threat name: Win32.Trojan.Hancitor
Status: Malicious
First seen: 2020-11-18 15:09:01 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 22 of 28 (78.57%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 56e6ed39784fcc4c9b1898a672c06c83b7a3b8ffbbdf90223e52e4865fa183bc
MD5 hash: 4606ecdd6dc02f2e2f3a699720d7031c
SHA1 hash: b52357fb3f02b9d8d1e01057172541876a75b1ff
SHA256 hash: e3f91dd6b65e50a6e84221dbc9d9af343ae6979f3fe2e3d809ed40e1847aea78
MD5 hash: cbbae927b16f8c5c1e3d6973d919bd00
SHA1 hash: 4fa5bfb5aed10c876d56659eca0efcb4cf329660
Detections:
win_hancitor_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments