
Cybercrime, new chapter of the Hancitor campaign via DocuSign

Technical analysis by the Malware Hunter JAMESWT

New chapter of the Hancitor campaign via DocuSign. The email doc attachment is downloaded each time from a different URL and contains the DLL with the malware. The final payload is unknown.

New chapter of the Hancitor campaign via DocuSign. The message contains a doc attachment, which can be downloaded by opening the link in the text (the yellow button).

The link contacts a different URL each time and downloads a document that varies with each operation. Inside there is a DLL with the malware (aka Chanitor).

It is not known, however, what it downloads once installed on the victim’s machine. In the latest cybercrime campaigns, the final payloads were CobaltStrike or FickerStealer, an info-stealer that targets PCs with Windows operating systems, from version XP to 10.

Malware C2
