New Hancitor Malware: Pimp my Downloaded
Tags
country: Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Data Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Process Hollowing - T1055.012 Software - T1592.002 Web Protocols - T1071.001 Web Protocols - T1437.001 Process Hollowing - T1093
Show in Graph
Common Information
Type Value
UUID e1ece6c6-6aa8-4733-8516-2816d8cc36a1
Fingerprint 8e34189b25ba0a81
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 9, 2022, 11:12 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline New Hancitor Malware: Pimp my Downloaded
Title New Hancitor Malware: Pimp my Downloaded
Detected Hints/Tags/Attributes 51/3/56
Source URLs
Redirection Url
Details Source https://blog.minerva-labs.com/new-hancitor-pimp-my-downloader
URL Provider
Details Provider Source level domain
Details minerva-labs.com blog.minerva-labs.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
bettitotuld.com
Details Domain 2 
callereb.com
Details Domain 1 
supketwron.ru
Details Domain 1 
witjono.ru
Details Domain 1 
eventtorshendint.ru
Details Domain 1 
tefaverrol.ru
Details Domain 1 
tonslacsotont.ru
Details Domain 1 
hinhenharre.ru
Details Domain 1 
helahatun.com
Details Domain 1 
idmuchatbut.ru
Details Domain 1 
dafiutrat.ru
Details Domain 1 
onketorsco.com
Details File 1 
bg618.exe
Details File 1 
lj016.exe
Details File 5 
winhost32.exe
Details File 1122 
svchost.exe
Details File 101 
gate.php
Details File 3 
45.exe
Details sha256 1 
8d37d622baf17eaa7a0b04ab1956263abcc4cd6d85fd28945aacf0dac87b47c4
Details sha256 1 
fcc24a15f2b7ed06403ec192b3ed2a5258e2691b6d61b2334160fd76bbfba151
Details sha256 1 
9463dc78dc7df3e751ee8c10a3fa32e315f58924eb0305f5f9eeaeae2865f9dd
Details sha256 1 
21efc8907d1c4f320330da3f6a87030f1c389ac8d4fc7363d170ce9444ec81cd
Details sha256 1 
554ff7c6f98afd3c6d9aaef232748481c8024feef415dcf4e153cdbed1a3994e
Details sha256 1 
7edd4f271ae83b5c13b9d1927b9a64160d5ffa2eab88e9a860e50009385638a7
Details sha256 1 
4b99b55479698ee6d1f6b69999c994e153672706af477c84cee6858240569783
Details sha256 1 
cc07a2baf22c94959623b1a89ed88a317dbd7a131d4cdc3eadb048f32b3a2e7b
Details sha256 1 
29f99f50e0aecd0e3c41c7dc1ecdfbc52fb53f734d0de99b5ff722dd07149173
Details sha256 1 
926a34fbae94ab7ed7fe9a596f0507031e19044c06cbbca245efb30d926ea1e5
Details sha256 1 
d59bceef11d49f47ec956b7bc9d3497ffc5259905cd6797ff9f5384f0ee55521
Details sha256 1 
af3d08fb9f2e2ba73496aebb53d36dae1d812622abd598eba27c5d483129632d
Details sha256 1 
ac7a5bfc346193a43e6e22663c1037ca45d89a92c8bb3cefb165c359abb402c4
Details sha256 1 
c1ab4f0d1184df1be78d202e1a204fe187eb1649b1e912b48c6eef46af89c430
Details sha256 1 
37a4084541df61d1380370a59694ba6c59abebf0c8183e10abe60d17bdeacedd
Details sha256 1 
1b6e050c9f5fdcb04b247ef9db8fa2a6322118ed7b71c1545d39cb25a1e16131
Details sha256 1 
8d60356e89c0f4d735e665bbc10c8a36589413f55efa17659c7c253d2449d54f
Details sha256 1 
b4e5f56345757fbea0dee5480267551c08e9d91d58960463be4928f69c89313c
Details IPv4 1 
62.141.54.153
Details IPv4 1 
151.80.220.47
Details IPv4 1 
185.31.160.190
Details IPv4 1 
185.46.8.214
Details IPv4 1 
46.4.173.214
Details IPv4 1 
91.220.131.45
Details Url 1 
http://callereb.com/ls/gate.php
Details Url 1 
http://supketwron.ru/ls/gate.php
Details Url 1 
http://witjono.ru/ls/gate.php
Details Url 1 
http://eventtorshendint.ru/zapoy/gate.php
Details Url 1 
http://tefaverrol.ru/zapoy/gate.php
Details Url 1 
http://bettitotuld.com/zapoy/gate.php
Details Url 1 
http://tonslacsotont.ru/zapoy/gate.php
Details Url 1 
http://hinhenharre.ru/zapoy/gate.php
Details Url 1 
http://helahatun.com/zapoy/gate.php
Details Url 1 
http://idmuchatbut.ru/zapoy/gate.php
Details Url 1 
http://dafiutrat.ru/zapoy/gate.php
Details Url 1 
http://onketorsco.com/zapoy/gate.php
Details Windows Registry Key 41 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 1 
HKEY_CURRENT_USER\Software\Microsoft\Office\1x.0\Outlook\Profiles