lgoogloader | 70c0eab50ed39298ca6961b54dff822adde204067d84d1783f7d1b88ebbfe360 | Triage

Sharing

General

Target

70c0eab50ed39298ca6961b54dff822adde204067d84d1783f7d1b88ebbfe360
Size

710KB
Sample

230118-gtzslsfe2s
MD5

8536f1680e65cb9b9e93fa916d2ae93b
SHA1

2eb995c3da87f07fcbfb48008afbf3253ea86e76
SHA256

70c0eab50ed39298ca6961b54dff822adde204067d84d1783f7d1b88ebbfe360
SHA512

7a34ec0fdfe7977bfbd07b2041172155d32019910801e8cf0c60a64c1d0a50dc2f1f6c028507039b5fca71575475f5f060d10931458f1518613ad332282c4ec7
SSDEEP

12288:ErIIpwFjtUQ0RlPdPd64bRZUDNVR9WnsGJxoeM4:ErIKQtUpfVPd6A/UjunLJxoC

Score

10^/10

lgoogloader downloader persistence

Malware Config

Targets

- Target
  
  70c0eab50ed39298ca6961b54dff822adde204067d84d1783f7d1b88ebbfe360
- Size
  
  710KB
- MD5
  
  8536f1680e65cb9b9e93fa916d2ae93b
- SHA1
  
  2eb995c3da87f07fcbfb48008afbf3253ea86e76
- SHA256
  
  70c0eab50ed39298ca6961b54dff822adde204067d84d1783f7d1b88ebbfe360
- SHA512
  
  7a34ec0fdfe7977bfbd07b2041172155d32019910801e8cf0c60a64c1d0a50dc2f1f6c028507039b5fca71575475f5f060d10931458f1518613ad332282c4ec7
- SSDEEP
  
  12288:ErIIpwFjtUQ0RlPdPd64bRZUDNVR9WnsGJxoeM4:ErIKQtUpfVPd6A/UjunLJxoC
Score

10^/10

lgoogloader downloader persistence
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lgoogloaderdownloaderpersistence