Discover and read the best of Twitter Threads about #hancitor

Incoming #hancitor run, DocuSign subjects, @google feedproxy links, elektrykasklep.com sender:
http://feedproxy[.]google[.]com/~r/uaulgisrpg/~3/8ZokTiE9_c8/gratifying.php
doc hash:
3b1c678b5cc556715d8395639b7a140fd874642cad0f13816e03002c2bd550ef
2020-07-16 - #Hancitor URL from (I assume) malspam:

hxxp://dunafacility[.]partners/wp-includes/tannerbaum.php

XLS: app.any.run/tasks/ab9808d6…

DLL: app.any.run/tasks/4e4a8162…

Follow-up malware: app.any.run/tasks/d94c1428…
2020-07-16 - #Hancitor info:

Paste: pastebin.com/s5iRrWRj

Pastebin raw: pastebin.com/raw/s5iRrWRj

Blog with #pcap and other data: malware-traffic-analysis.net/2020/07/16/ind…

If anyone knows what the follow-up malware is, let us all know. I don't recognize it.
A couple of fresh malware campaigns in the past few days were halted by Windows Defender AV, whose cloud-based machine learning technologies detected and blocked #Hancitor and #Emotet malware runs at the onset.
The previously unknown #Hancitor and #Emotet variants, which were distributed via email, were flagged by various ML models. Our machine learning technologies combined results from multiple algorithms to correctly determine the malware.
#Hancitor is known for being a sophisticated malware that has been used in targeted attacks in the past and for using unusual APIs and memory injection techniques. #Emotet, on the other hand, is one of the most active banking malware today.
When #malware says hi? #hancitor malware always has a sentinel in the malware document. This time it's our analyst @abhie's twitter handle.🤔
Sample hash: 800bf028a23440134fc834efc5c1e02cc70f05b2e800bbc285d7c92a4b126b1c