Rewterz Threat Alert – Emotet – Active IOCs
December 2, 2021Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
December 2, 2021Rewterz Threat Alert – Emotet – Active IOCs
December 2, 2021Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
December 2, 2021Severity
High
Analysis Summary
Hancitor was created in 2014 to drop other malware on infected machines. Also known as Tordal and Chanitor. Hancitor provides their loader as a service to other criminals, helping to install various malware on the target PCs. There is a sudden surge in Hancitor attacks and usually these attacks takes place on business days and falls off on the weekends.
This malware can’t be considered dangerous since even Microsoft’s built-in antivirus Windows Defender can detect it. Alot of it is being distributed in malspam campaigns, in a lot of cases emails don’t even reach their targets, being intercepted by spam filters. In essence, For users that are still using Windows seven or earlier and who either don’t have or disabled their antivirus software can still be targeted with more effectiveness. Despite such a limited “target audience”, Hancitor creators continue to update this malware and it is still very active to this day.
Impact
- Information Theft
- Data Exfiltration
Indicators of Compromise
MD5
- 49637ae11af54d68ff8013ac3fc96a1d
- 942a449dd39969b3a1c5e281b5ac8ec3
SHA-256
- 125c2b558cc9cedeee5cd0a0b78c1d7e9056ead0087422f01b52753439fac84f
- 2c19a75d22fd1a7d9b088407217f9b4534ba9c28253ac69b25f4408086285538
- 72b3fedcd0150b261e9aa0ad244498cddca99c25ddc12d7ccf97e1b3582dcba6
- 4b2e53d994d73a21ffa75ffeefc95f14dbee74d2f4946b9a47adc0f41709beca
SHA-1
- 2baffef0720980d010621f1b31541b4f4bd3e30c
- 98dd9ccf79d133c8f53ca72333a5ef95fcffaa24
URL
- https[:]//iamjitenpatel[.]com/triviality[.]php
- http[:]//templogio[.]com/9/forum[.]php
- http[:]//johommeract[.]ru/9/forum[.]php
- http[:]//amesibiquand[.]ru/9/forum[.]php
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.