Hancitor Malware

Hancitor Malware Resurfaces With New Methods

Target: Windows machines

Attack Vector: Email containing a malicious attachment, disguised as a PayPal invoice

Summary: The Hancitor malware is by no means a new threat: it has been observed since the early days of 2017. This week, however, a new variant has been observed displaying a fresh payload and attack vector. Instead of simply injecting malware on a machine, exploiting a vulnerability or brute-forcing their way into a target machine, the threat actors are opting to use social engineering tactics in this instance.

Risk assessment summary: The threat is assessed as 3e MODERATE. The use of social engineering in this attack is significant because it gives the threat actor a simpler way to deliver the malware, as well as a higher chance of success due to human behavior. In addition, the malware uses a range of effective techniques to evade detection, such as process hollowing and user-land monitoring evasion. Despite this, an effective anti-virus tool should help a user make an informed decision about downloading malicious attachments, and should flag the presence of malware on a target machine if an attachment is downloaded.
