Dissecting Hancitor’s Latest 2018 Packer
Unit 42 dives into the technical inner-workings of Hancitor’s latest malware packer.
Posts tagged with: hancitor
Threat Brief: Hancitor Actors
Read this Threat Brief to learn how Hancitor threat actors use fundamental business tactics to deliver attacks
Compromised Servers & Fraud Accounts: Recent Hancitor Attacks
Unit 42 tracks how attackers use fraudulent accounts and compromise infrastructures of legitimate businesses to deliver Hancitor malware.
Get updates on Unit 42
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
Pythons and Unicorns and Hancitor…Oh My! Decoding Binaries Through Emulation
This blog post is a continuation of my previous post, VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick, where we analyzed a new Visual Basic (VB) macro dropper and the accompanying shellcode. In the last post, we left off with having successfully identified where the shellcode carved out and decoded a binary
VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick
The Hancitor downloader has been relatively quiet since a major campaign back in June 2016. But over the past week, while performing research using Palo Alto Networks AutoFocus, we noticed a large uptick in the delivery of the Hancitor malware family as they shifted away from H1N1 to distribute Pony and Vawtrak executables. In parallel,