Symantec cybersecurity experts: The malware deployment is preceded by reconnaissance with the AdFind tool. The victims are large organizations.
Technical analysis by the Malware Hunter JAMESW
Hancitor is back, hidden in a DocuSign e-mail. The doc attachment is downloaded each time from a different URL and contains the DLL with the malware. The final payload is unknown.
Hancitor is back, hidden inside a DocuSign email.
The doc attachment is downloaded by opening the link in the text (the yellow button). The link contacts a different URL each time and downloads a document that varies with each operation. Inside the document there is a DLL with the malware (aka Chanitor).
The next payload downloaded is unknown. In the latest cybercrime campaigns, however, it was CobaltStrike or FickerStealer, an info-stealer that targets Windows-based PCs from XP to 10.