Technical analysis by the Malware Hunter JAMESWT

Cybercrime, FlickerStealer campaign via DocuSign and Hancitor. The doc attachment of a false notification contains a dll with Chanitor, which downloads the final malware

A fake notification from DocuSign conveys a FickerStealer campaign, which goes through Hancitor.

The doc file in the mail contains a dll with Hancitor (alias Chanitor). This then downloads the final malware. The goal of cybercrime is to steal sensitive data from victims. FickerStealer, in fact, is an info-stealer that targets PCs with Windows operating system, from version XP to 10.

Hancitor C2s

FickerStealer C2s