Rewterz Threat Alert – Vidar Malware – Active IOCs
November 24, 2021Rewterz Threat Alert – Conti Ransomware Targeting Organizations – Active IOCs
November 24, 2021Rewterz Threat Alert – Vidar Malware – Active IOCs
November 24, 2021Rewterz Threat Alert – Conti Ransomware Targeting Organizations – Active IOCs
November 24, 2021Severity
High
Analysis Summary
Hancitor was created in 2014 to drop other malware on infected machines. Also known as Tordal and Chanitor. Hancitor provides their loader as a service to other criminals, helping to install various malware on the target PCs. There is a sudden surge in Hancitor attacks and usually these attacks takes place on business days and falls off on the weekends.
This malware can’t be considered dangerous since even Microsoft’s built-in antivirus Windows Defender can detect it. Alot of it is being distributed in malspam campaigns, in a lot of cases emails don’t even reach their targets, being intercepted by spam filters. In essence, For users that are still using Windows seven or earlier and who either don’t have or disabled their antivirus software can still be targeted with more effectiveness. Despite such a limited “target audience”, Hancitor creators continue to update this malware and it is still very active to this day.
Impact
- Information Theft
- Data Exfiltration
Indicators of Compromise
MD5
- a93f9ecb20354d450b0443b63808c5ef
SHA-256
- 245dd0bff1c08559e5e68ea25aadbf5bc6ebef5831ec19c34d8d2021747157fe
SHA-1
- 95ac8afcf79459b8670dc932b39ac752d0c0ab1d
URL
- https[:]//iamjitenpatel[.]com/triviality[.]php
- http[:]//templogio[.]com/9/forum[.]php
- http[:]//johommeract[.]ru/9/forum[.]php
- http[:]//amesibiquand[.]ru/9/forum[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.