
Cybercrime, new Hancitor campaign via DocuSign email

Malware Hunter JAMESWT Technical Analysis

New Hancitor campaign via DocuSign email. The doc attachment is downloaded each time from a different URL and contains the DLL with the malware. The final payload is unknown.

New Hancitor campaign via DocuSign email. The doc attachment, which can be downloaded by opening the link in the email text (the yellow button), comes from a different URL each time, and the downloaded document varies with each operation.

Inside the document there is a DLL with the malware (aka Chanitor).

The next payload downloaded is unknown. In the latest cybercrime campaigns, however, this was CobaltStrike or FickerStealer, an info-stealer that targets Windows-based PCs from XP to 10.

Malware C2
