lgoogloader | d0f5a3be9ab80e06600ffcb13d897f325b7c8737b895223b3b7e03ecc79abbca | Triage

Submit
Reports

Overview

overview

Static

static

197cc0b311...9f.exe

windows7-x64

197cc0b311...9f.exe

windows10-2004-x64

Sharing

General

Target

197cc0b311afc440dd150387e68bf49f.exe
Size

485KB
Sample

221125-jftesaeh2y
MD5

197cc0b311afc440dd150387e68bf49f
SHA1

78434666b854de78dfbfb253e66644865d324586
SHA256

d0f5a3be9ab80e06600ffcb13d897f325b7c8737b895223b3b7e03ecc79abbca
SHA512

93e805b0956a69a2f9bcabd059bafef689a82aa8654a71bf56d9834db9a5d1904aca34178e02b47f85b6bbac3b4430209dc989071e50c1d63c152daeb5052fed
SSDEEP

6144:up65pkrxfUvq1uWsCbIG3p2NtIzCuAsTF5nCLggt6wVsp03cPqfXETRaLP5bhxJ:vs+DNCMG5WIzCETqLgm6RyPETYRfq

Score

10^/10

lgoogloader downloader evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

197cc0b311afc440dd150387e68bf49f.exe

Resource

win7-20220812-en

lgoogloader downloader evasion persistence trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

197cc0b311afc440dd150387e68bf49f.exe

Resource

win10v2004-20220901-en

lgoogloader downloader evasion persistence trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  197cc0b311afc440dd150387e68bf49f.exe
- Size
  
  485KB
- MD5
  
  197cc0b311afc440dd150387e68bf49f
- SHA1
  
  78434666b854de78dfbfb253e66644865d324586
- SHA256
  
  d0f5a3be9ab80e06600ffcb13d897f325b7c8737b895223b3b7e03ecc79abbca
- SHA512
  
  93e805b0956a69a2f9bcabd059bafef689a82aa8654a71bf56d9834db9a5d1904aca34178e02b47f85b6bbac3b4430209dc989071e50c1d63c152daeb5052fed
- SSDEEP
  
  6144:up65pkrxfUvq1uWsCbIG3p2NtIzCuAsTF5nCLggt6wVsp03cPqfXETRaLP5bhxJ:vs+DNCMG5WIzCETqLgm6RyPETYRfq
Score

10^/10

lgoogloader downloader evasion persistence trojan
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lgoogloaderdownloaderevasionpersistencetrojan

behavioral2

lgoogloaderdownloaderevasionpersistencetrojan

© 2018-2024

Terms | Privacy