2020-12-08 Hancitor Malspam
Summary ======== This quick post stems from a tweet from @James_inthe_box about some Hancitor malware that he was seeing. After several attempts at trying to get a maldoc to download in the past, I was able to today. Out of the several links that I had, only one worked. For a list of other links that I saw, please see this Pastebin. The others did what they have always done in the past – redirected me to a Docusign site. For the artifacts and such, please see my Github repo for this here. Analysis ======== Once the maldoc was obtained,…