General
-
Target
SecuriteInfo.com.Variant.MSILHeracles.37963.6224.26571
-
Size
564KB
-
Sample
220511-wlawvaehc8
-
MD5
79c46056fb002fcd31fba21bae0d9221
-
SHA1
56280d53bd4c977debbc0e36ff0b7a3f3b3e3786
-
SHA256
37708373f6b4deb76e61c7a9c65200bba9f9d7ca7ebcd82d09242dd9231fa072
-
SHA512
75a264463a0d90e10b9c930474d6ab10a3cbc143a4eed82bc5d51f29cb72a27b7743bfb169194e952df8666490eafa8bfbc78637995f4bf7bcd47fac59a80796
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Variant.MSILHeracles.37963.6224.exe
Resource
win7-20220414-en
Malware Config
Extracted
xloader
2.5
snjq
Targets
-
-
Target
SecuriteInfo.com.Variant.MSILHeracles.37963.6224.26571
-
Xloader Payload
-
Suspicious use of SetThreadContext
-