Hancitor (Chancitor) downloader has been in operation since 2016 when Zscaler saw it distributing the Vawtrak information-stealing Trojan. Since then, numerous campaigns have been seen over the years where Hancitors installs password-stealers, such as Pony, Ficker, and more recently, Cobalt Strike. Group-IB researchers say the threat actors use this remote access to gather network credentials, domain information, and spread throughout the network. Cuba Ransomware has not been particularly active compared to other operations such as REvil, Avaddon, Conti and DoppelPaymer.
Source: https://www.bleepingcomputer.com/news/security/cuba-ransomware-partners-with-hancitor-for-spam-fueled-attacks/