Hancitor Uses Microsoft Word to Deliver Malware

There have been several variants of the Hancitor malware family seen in the wild over the past several months. Recently, Carbon Black, a VMRay integration partner, provided an in-depth analysis of a specific strain of the Hancitor Malware family that uses a Microsoft calendar identifier to deliver malware to unsuspecting users. We did a full analysis in VMRay analyzer that we’ve published here . We are able to see a specific strain of Hancitor using Microsoft Word to deliver a malicious payload – using VBA macros of course!

We can see that it scored a solid 100/100 against our VTI Rule (VMRay Threat Identifier behavioral ruleset).
View the Full Analysis Report