Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    510KB

  • Sample

    230116-vtpjjaad25

  • MD5

    ff0ac8d6c0a5990dd442f677315e6c4b

  • SHA1

    4358324f102afd639d6b1ec92521b37f31ca5d1c

  • SHA256

    eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285

  • SHA512

    47b93db0d6f90bd4805508663353472709fe53d5397834eadd5ee2feb4a2c2d59f57cf929ac8039f4ea07a2303d880f98806f4d7aade7cee700ff48f3ecf91ae

  • SSDEEP

    12288:ytFk7iHlOP8nFr/AuvlNn7N9Opxb6VelFxgcdM:EHlTn5Bv2begS

Score
10/10
lgoogloaderdownloaderpersistence

Malware Config

Targets

    • Target

      file.exe

    • Size

      510KB

    • MD5

      ff0ac8d6c0a5990dd442f677315e6c4b

    • SHA1

      4358324f102afd639d6b1ec92521b37f31ca5d1c

    • SHA256

      eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285

    • SHA512

      47b93db0d6f90bd4805508663353472709fe53d5397834eadd5ee2feb4a2c2d59f57cf929ac8039f4ea07a2303d880f98806f4d7aade7cee700ff48f3ecf91ae

    • SSDEEP

      12288:ytFk7iHlOP8nFr/AuvlNn7N9Opxb6VelFxgcdM:EHlTn5Bv2begS

    Score
    10/10
    lgoogloaderdownloaderpersistence

    • Detects LgoogLoader payload

    • LgoogLoader

      A downloader capable of dropping and executing other malware families.

      downloaderlgoogloader

    • Sets service image path in registry

      persistence

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Scripting

1
T1064

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks