2021-02-02 - QUICK POST: HANCITOR INFECTION WITH FICKER STEALER, COBALT STRIKE, & NETSUPPORT RAT
- 2021-02-02-Hancitor-malspam-11-examples.zip 22.4 kB (22,374 bytes)
- 2021-02-02-Hancitor-with-Ficker-Stealer-and-Cobalt-Strike-and-NetSupport-RAT.pcap.zip 12.5 MB (12,518,585 bytes)
- 2021-02-02-Hancitor-malware.zip 292 kB (291,992 bytes)
- The malware zip listed above only contains the Hancitor doc and DLL.
- You can extract the Ficker Stealer EXE from the pcap.
- Malware for NetSupport Manager RAT was sent over encoded C2 traffic through Cobalt Strike, and I unfortunately didn't retrieve a copy from the infected Windows host.
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
Shown above: Indicators that NetSupport RAT may have been delivered through Cobalt Strike after the intial Hancitor infection.
Click here to return to the main page.