Topics pertaining to technology, especially as they pertain to business issues, are discussed. Such topics include using tech to boost productivity, marketing with social media, cybersecurity, and numerous other topics.
Thursday, November 3, 2016
The Angry Spam and The Tricky Macro Delivers Updated Hancitor
Hancitor is one of the better-known malware downloaders due to its numerous spam runs and evolving delivery technique. It reminds us of Upatre, which gained notoriety over the past two years but has now died down, possibly due to the takedowns of its major payloads. Hancitor, by contrast, is still seen as a favourite carrier of very much active malware families such as Pony and Vawtrak.
Just recently, we found a new Hancitor spam campaign with some notable developments that may have been present in previous variants but were not discussed in any other reports. This article revolves around the macro tricks it uses to stall analysts and the new commands it uses to better persist on infected devices. Finally, this variant also contains an interesting comment written by the malware author in the macro code, which made us feel obliged to take a closer look in the first place.