lgoogloader | c6135818ddc5d31afa68f42f21e1da3e19f879096298ccb84f68803847235004 | Triage

Sharing

General

Target

c6135818ddc5d31afa68f42f21e1da3e19f879096298ccb84f68803847235004
Size

695KB
Sample

230115-kch1bagb9v
MD5

928fa3e8a43ce4f32e5cb5f469a4981f
SHA1

742c4185e8ef6a8a70b320927d0dbc13a33a7c6f
SHA256

c6135818ddc5d31afa68f42f21e1da3e19f879096298ccb84f68803847235004
SHA512

c625374d344ef3c607659e5a4eb0d2978e6d030d25310cc9c9ed4aa249ef9adcf50a2053035c94daa750c8ddef044208c2425e01fe759662c32eff9140e9513c
SSDEEP

12288:8HbpxW0j2LnZvxo1IB5DiQqyGF3S064Fd+smJjMHGT/Ksq/KsK/Ksu:8HbpxW0j2LnboqiV3p/FEZjX7iC+

Score

10^/10

lgoogloader downloader persistence

Malware Config

Targets

- Target
  
  c6135818ddc5d31afa68f42f21e1da3e19f879096298ccb84f68803847235004
- Size
  
  695KB
- MD5
  
  928fa3e8a43ce4f32e5cb5f469a4981f
- SHA1
  
  742c4185e8ef6a8a70b320927d0dbc13a33a7c6f
- SHA256
  
  c6135818ddc5d31afa68f42f21e1da3e19f879096298ccb84f68803847235004
- SHA512
  
  c625374d344ef3c607659e5a4eb0d2978e6d030d25310cc9c9ed4aa249ef9adcf50a2053035c94daa750c8ddef044208c2425e01fe759662c32eff9140e9513c
- SSDEEP
  
  12288:8HbpxW0j2LnZvxo1IB5DiQqyGF3S064Fd+smJjMHGT/Ksq/KsK/Ksu:8HbpxW0j2LnboqiV3p/FEZjX7iC+
Score

10^/10

lgoogloader downloader persistence
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lgoogloaderdownloaderpersistence