ESET cybersecurity experts: It is a banking trojan that has already targeted users in Poland by impersonating Bolt Food. Goal: to steal banking and cryptocurrency credentials.
Technical analysis by the Malware Hunter JAMESWT
New Hancitor campaign via email attachment. The doc file, if opened, starts the malware infection through an embedded DLL. Hancitor is used as a downloader of other payloads such as Cobalt Strike, Ficker Stealer, Ursnif / Gozi and others, although it is not clear which one is being delivered in this case.
New Hancitor (aka Chanitor) campaign via malicious email attachment. The file, a Word document, starts the malware infection chain if opened.
This is because it contains malicious DLLs. Hancitor is a trojan and downloader, used by cybercriminals to download other payloads such as Cobalt Strike, Ficker Stealer, Ursnif / Gozi and others. At the moment, however, it has not been possible to determine which one it was in this case.