Malware Analysis Report

2025-01-02 09:23

Sample ID 230118-xfbrmabg4z
Target d87a200a26d07a64272e93fb3ae8f8d9e4d34bdfedb0cf7c685a6c97912e967f_payload.bin
SHA256 251cb6c1b04d7ec54d9c81c68ae02851b0ebde0177c15315452245087f4f6616
Tags lgoogloader downloader
Score 10/10

Analysis Overview

Score 10/10

SHA256 251cb6c1b04d7ec54d9c81c68ae02851b0ebde0177c15315452245087f4f6616

Threat Level: Known bad

The file d87a200a26d07a64272e93fb3ae8f8d9e4d34bdfedb0cf7c685a6c97912e967f_payload.bin was found to be: Known bad.

Malicious Activity Summary

lgoogloader downloader

LgoogLoader

Detects LgoogLoader payload

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2023-01-18 18:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2023-01-18 18:47

Reported 2023-01-18 18:50

Platform win7-20220812-en

Max time kernel 29s

Max time network 46s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d87a200a26d07a64272e93fb3ae8f8d9e4d34bdfedb0cf7c685a6c97912e967f_payload.exe"

Signatures

Detects LgoogLoader payload

Description Indicator Process Target
N/A N/A N/A N/A

LgoogLoader

downloader lgoogloader

Processes

C:\Users\Admin\AppData\Local\Temp\d87a200a26d07a64272e93fb3ae8f8d9e4d34bdfedb0cf7c685a6c97912e967f_payload.exe

"C:\Users\Admin\AppData\Local\Temp\d87a200a26d07a64272e93fb3ae8f8d9e4d34bdfedb0cf7c685a6c97912e967f_payload.exe"

Network

Country  Destination          Domain  Proto
N/A      204.79.197.200:443           tcp

Files

memory/1632-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

memory/1632-56-0x0000000000120000-0x000000000012D000-memory.dmp

memory/1632-55-0x00000000000F0000-0x00000000000F9000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2023-01-18 18:47

Reported 2023-01-18 18:50

Platform win10v2004-20221111-en

Max time kernel 156s

Max time network 168s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d87a200a26d07a64272e93fb3ae8f8d9e4d34bdfedb0cf7c685a6c97912e967f_payload.exe"

Signatures

Detects LgoogLoader payload

Description Indicator Process Target
N/A N/A N/A N/A

LgoogLoader

downloader lgoogloader

Processes

C:\Users\Admin\AppData\Local\Temp\d87a200a26d07a64272e93fb3ae8f8d9e4d34bdfedb0cf7c685a6c97912e967f_payload.exe

"C:\Users\Admin\AppData\Local\Temp\d87a200a26d07a64272e93fb3ae8f8d9e4d34bdfedb0cf7c685a6c97912e967f_payload.exe"

Network

Country  Destination          Domain  Proto
N/A      93.184.221.240:80            tcp
N/A      72.21.91.29:80               tcp
N/A      72.21.91.29:80               tcp
N/A      93.184.221.240:80            tcp
N/A      93.184.221.240:80            tcp
N/A      93.184.221.240:80            tcp
N/A      51.11.192.48:443             tcp
N/A      72.21.91.29:80               tcp
N/A      104.80.225.205:443           tcp
N/A      93.184.221.240:80            tcp
N/A      93.184.221.240:80            tcp

Files

memory/4856-132-0x0000000000DA0000-0x0000000000DA9000-memory.dmp

memory/4856-133-0x0000000000DD0000-0x0000000000DDD000-memory.dmp