General

  • Target

    file.exe

  • Size

    510KB

  • Sample

    230116-vtpjjaad25

  • MD5

    ff0ac8d6c0a5990dd442f677315e6c4b

  • SHA1

    4358324f102afd639d6b1ec92521b37f31ca5d1c

  • SHA256

    eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285

  • SHA512

    47b93db0d6f90bd4805508663353472709fe53d5397834eadd5ee2feb4a2c2d59f57cf929ac8039f4ea07a2303d880f98806f4d7aade7cee700ff48f3ecf91ae

  • SSDEEP

    12288:ytFk7iHlOP8nFr/AuvlNn7N9Opxb6VelFxgcdM:EHlTn5Bv2begS

Malware Config

Targets

    • Target

      file.exe

    • Size

      510KB

    • MD5

      ff0ac8d6c0a5990dd442f677315e6c4b

    • SHA1

      4358324f102afd639d6b1ec92521b37f31ca5d1c

    • SHA256

      eb5ec9cf758bd526db090f9290d323201911b4181c3bfeb3ebd1f1af8be19285

    • SHA512

      47b93db0d6f90bd4805508663353472709fe53d5397834eadd5ee2feb4a2c2d59f57cf929ac8039f4ea07a2303d880f98806f4d7aade7cee700ff48f3ecf91ae

    • SSDEEP

      12288:ytFk7iHlOP8nFr/AuvlNn7N9Opxb6VelFxgcdM:EHlTn5Bv2begS

    • Detects LgoogLoader payload

    • LgoogLoader

      A downloader capable of dropping and executing other malware families.

    • Sets service image path in registry

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks