Loader

Hancitor

First seen: 2014-01 • Status: active

Currently Active Threat

Hancitor spreads through spam emails with Word documents. When you open the document, it downloads more dangerous malware onto your computer.

Overview

Hancitor is a malware loader that primarily spreads through malspam. It delivers various payloads including FickerStealer, Cobalt Strike, and ransomware.

Also Known As

Chanitor, Tordal

How It Spreads

  • Malspam
  • Malicious Office documents

What It Does

  • Downloads additional malware
  • Delivers Cobalt Strike
  • Initial access for ransomware

Target Platforms

Windows

Detection Tips

  • Monitor for Hancitor email patterns
  • Watch for malicious document macros

MITRE ATT&CK Techniques

T1566, T1105, T1204

If You're Infected

  1. Isolate affected systems
  2. Check for additional payloads

Related Malware

Cobalt Strike, IcedID
