Hancitor is an information stealer and malware downloader used by a threat actor designated MAN1, Moskalvzapoe or TA511. It is a very dangerous Trojan. Its developers spread it through various spam campaigns, and after a successful infection Hancitor installs other malicious software on the system. In this way it opens a back door for other malware to enter.

The developers send out thousands of deceptive emails that encourage users to open attachments. These attachments are malicious: they install Hancitor on the system without permission, and at that point the infection is triggered. By opening malicious attachments, users unknowingly allow this threat onto their computers. Right after entering, Hancitor executes code to install other Trojans. Most of these collect sensitive information such as saved usernames and passwords, URLs of visited websites, keystrokes, etc. With it, cybercriminals could gain access to personal accounts, banks, social networks, etc. They can then steal the identities of their victims and perform malicious actions such as online purchases, transfers, etc. The presence of malicious software distributed by Hancitor can therefore lead to serious privacy problems and serious financial losses.

In a 2018 threat roundup, we noted that Hancitor was relatively unsophisticated, but would remain a threat for years to come. About three years later, Hancitor is still a threat and has evolved to use tools like Cobalt Strike (the threat actor behind Hancitor uses Cobalt Strike to send tracking malware).

In some cases, the tracking malware sent through Cobalt Strike may include a network ping tool that generates an abnormally large amount of ICMP traffic by pinging more than 17 million internal IPv4 addresses. Organizations with decent spam filtering, proper system management, and up-to-date Windows hosts have a much lower risk of Hancitor infection and its post-infection activity. A quality firewall is also essential against these types of attacks.
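
The ping activity described above is visible in flow or firewall logs, because one host sends echo requests to far more internal addresses than any normal workstation or monitoring server does. The following Python detector is an added example, not code from the original article or from any vendor; the record format, the thresholds and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: "internal" means the RFC 1918 private ranges. Together they hold
# 17,891,328 addresses, in line with the "more than 17 million" figure above.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
INTERNAL_SPACE = sum(n.num_addresses for n in PRIVATE_NETS)

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

def find_icmp_sweeps(records, window=60, min_hosts=100, min_subnets=3):
    """Flag sources that ping many distinct internal hosts in one fixed window.

    records: iterable of (epoch_seconds, src_ip, dst_ip, proto, icmp_type).
    Thresholds are illustrative and need tuning per network.
    """
    targets = defaultdict(set)            # (src, window index) -> distinct dsts
    for ts, src, dst, proto, icmp_type in records:
        if proto == "icmp" and icmp_type == 8 and is_internal(dst):  # echo request
            targets[(src, int(ts) // window)].add(dst)
    alerts = []
    for (src, idx), dsts in sorted(targets.items()):
        subnets = {ipaddress.ip_network(d + "/24", strict=False) for d in dsts}
        # Monitoring hosts ping a small fixed set; a sweep walks across subnets.
        if len(dsts) >= min_hosts and len(subnets) >= min_subnets:
            alerts.append({"src": src, "window_start": idx * window,
                           "hosts": len(dsts), "subnets": len(subnets)})
    return alerts

def sample_records():
    """Constructed flow records, not real telemetry."""
    recs = []
    first = int(ipaddress.ip_address("10.0.0.1"))
    for i in range(1000):                 # sweeping host: 20 pings per second
        recs.append((1020 + i // 20, "10.1.5.23",
                     str(ipaddress.ip_address(first + i)), "icmp", 8))
    for i in range(20):                   # monitoring server, one subnet
        recs.append((1020 + i, "10.1.9.10", f"10.1.9.{100 + i}", "icmp", 8))
    for i in range(30):                   # workstation pinging an external host
        recs.append((1020 + i, "10.1.5.40", "203.0.113.7", "icmp", 8))
    return recs

if __name__ == "__main__":
    for alert in find_icmp_sweeps(sample_records()):
        print(alert)
```

Only the sweeping host is reported; the monitoring server stays under both thresholds and the external pings are ignored because the destination is not internal.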
