skip to Main Content

Cybercrime, the FickerStealer campaign via DocuSign and Hancitor is back

Technical analysis by the Malware Hunter JAMESWT

Cybercrime, the FickerStealer campaign via DocuSign and Hancitor is back. The email doc contains a dll with Chanitor, which downloads the final malware

A fake email notification from DocuSign conveys a FickerStealer campaign, which goes through Hancitor.

The message doc attachment contains a dll with Hancitor (aka Chanitor). This then downloads the final malware.

The goal of cybercrime is to steal sensitive data from victims. FickerStealer, in fact, is an info-stealer that targets PCs with Windows operating system, from version XP to 10.

Malware Urls

The two Malware C2s

Back To Top