Unit 42 dives into the technical inner-workings of Hancitor’s latest malware packer.
Read this Threat Brief to learn how Hancitor threat actors use fundamental business tactics to deliver attacks.
Unit 42 tracks how attackers use fraudulent accounts and the compromised infrastructure of legitimate businesses to deliver Hancitor malware.
This blog post is a continuation of my previous post, VB Dropper and Shellcode for Hancitor Reveal New Techniques Behind Uptick, where we analyzed a new Visual Basic (VB) macro dropper and the accompanying shellcode. In the last post, we left off with having successfully identified where the shellcode carved out and decoded a binary
The Hancitor downloader has been relatively quiet since a major campaign back in June 2016. But over the past week, while performing research using Palo Alto Networks AutoFocus, we noticed a large uptick in the delivery of the Hancitor malware family as they shifted away from H1N1 to distribute Pony and Vawtrak executables. In parallel,