General

  • Target

    9d9849b524012665ec0676be4eb85efcd6d51bf1dd4a68c13f364f6e74c4bc60

  • Size

    1.7MB

  • Sample

    230102-qmp49shf2s

  • MD5

    0420e95d5538d17cfec8d37c65ad5317

  • SHA1

    f4f692c8e0a01a93e0d8bc3a786a88e34e6c5be1

  • SHA256

    9d9849b524012665ec0676be4eb85efcd6d51bf1dd4a68c13f364f6e74c4bc60

  • SHA512

    71a72f8c0151a0204ebc37f31ad5da1f3b1c6363f290d7ee128764930b9ed857c4ef6b0d4cd40186be56acc2e7aadc66e7535be08cce06a230535f052636cbc2

  • SSDEEP

    24576:j4Eun37h53AbtuNw6z1Vjf51eKKlkOuUGkEvDvO4xn:tuetKjxFsGkEl

Malware Config

Targets

    • Detects LgoogLoader payload

    • LgoogLoader

      A downloader capable of dropping and executing other malware families.

    • Sets service image path in registry

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks