

Rewterz Threat Alert – MeterPreter Malware – Active IOCs
June 13, 2022
Rewterz Threat Advisory – CVE-2022-1998 – Linux Kernel Vulnerability
June 14, 2022
Severity
High
Analysis Summary
Hancitor, also known as Tordal and Chanitor, was created in 2014 to drop other malware on infected machines. Its operators provide the loader as a service to other criminals, helping them install various malware on target PCs. There has been a sudden surge in Hancitor attacks; these attacks usually take place on business days and fall off on weekends.
This malware can't be considered dangerous since even Microsoft's built-in antivirus, Windows Defender, can detect it. A lot of it is distributed in malspam campaigns, and in many cases the emails never reach their targets because they are intercepted by spam filters. Users still running Windows 7 or earlier who either lack antivirus software or have disabled it can, however, still be targeted more effectively. Despite such a limited "target audience", Hancitor's creators continue to update this malware, and it remains very active to this day.
Impact
- Information Theft
- Data Exfiltration
Indicators of Compromise
MD5
- 3c09cefe0e8dcd9afabdbd2e379424a4
- 5876ae4f5bf5e125a6535cec33a47f8a
SHA-256
- 9efc192fae6979799481f42cf411d8c32f1b8e3ad91e2bd3ae72e3506402c5d5
- 77827c048326e5b528e5bf6bbecfb1f91f7130b2f65fc71eb60ac35dd9a61555
SHA-1
- cc240462b171ffbdc13b19de2a15411801dae2ca
- 52598fe3327e3567494d3759b8692ce98602b715
Remediation
- Block the threat indicators at their respective controls.
- Search for IOCs in your environment.
- Always be suspicious about emails sent by unknown senders.