
Cybercrime, new Hancitor campaign via email attachment

Technical analysis by the Malware Hunter JAMESWT

New Hancitor campaign via email attachment. The doc file, if opened, starts the malware infection through the DLL it contains. This is used as a downloader of other payloads such as Cobalt Strike, Ficker Stealer, Ursnif / Gozi and others, although it is not clear which one is being delivered in this case.

New Hancitor (aka Chanitor) campaign via malicious email attachment. The file, a Word document, starts the malware infection chain if opened.

This is because it contains malicious DLLs. Hancitor is a trojan and downloader, used by cybercriminals to download other payloads such as Cobalt Strike, Ficker Stealer, Ursnif / Gozi and others. At the moment, however, it has not been possible to trace which one it was in this case.

DNS HTTP/HTTPS requests / Connection
