lgoogloader | bf9cbad13935f939f44add9a131188c73e3dda014e039debc553ebacab228d83 | Triage

Sharing

General

Target

bf9cbad13935f939f44add9a131188c73e3dda014e039debc553ebacab228d83
Size

1.3MB
Sample

230105-yk4hwagf6v
MD5

35d19a9ba44fa423cb90f734f53de2aa
SHA1

104f7b53b01d3b6a7ff871b51057c3193b431a23
SHA256

bf9cbad13935f939f44add9a131188c73e3dda014e039debc553ebacab228d83
SHA512

e85c53d709977ff9f17abcbb48f02d72b8792be4393b10146f983c325c8d023d439372fb448c27ca60eb58f70c6e7139581b059d06edcb25dbfe8abcf63f5a25
SSDEEP

12288:yy7iK8b0X+aOAQhWL+Yr0+Et5iV4mSKj7+QHa+ZGJ8/83tPAjb5nZK0cfCoA8rKD:wXKhC8sPsbnaAmsVkonYyd3h

Score

10^/10

lgoogloader downloader persistence

Malware Config

Targets

- Target
  
  bf9cbad13935f939f44add9a131188c73e3dda014e039debc553ebacab228d83
- Size
  
  1.3MB
- MD5
  
  35d19a9ba44fa423cb90f734f53de2aa
- SHA1
  
  104f7b53b01d3b6a7ff871b51057c3193b431a23
- SHA256
  
  bf9cbad13935f939f44add9a131188c73e3dda014e039debc553ebacab228d83
- SHA512
  
  e85c53d709977ff9f17abcbb48f02d72b8792be4393b10146f983c325c8d023d439372fb448c27ca60eb58f70c6e7139581b059d06edcb25dbfe8abcf63f5a25
- SSDEEP
  
  12288:yy7iK8b0X+aOAQhWL+Yr0+Et5iV4mSKj7+QHa+ZGJ8/83tPAjb5nZK0cfCoA8rKD:wXKhC8sPsbnaAmsVkonYyd3h
Score

10^/10

lgoogloader downloader persistence
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lgoogloaderdownloaderpersistence