lgoogloader | 7470f8e74c2124a59f01f74ad91af303fb994218657c0c9dd21be5b5b9c2a74a | Triage

Sharing

General

Target

7470f8e74c2124a59f01f74ad91af303fb994218657c0c9dd21be5b5b9c2a74a
Size

1.4MB
Sample

230515-wd5q9agg28
MD5

2fae82eebe27dd5e33fdc10ee8e90d24
SHA1

65729d70f2b1842b43e5e1499462251493e5dd1a
SHA256

7470f8e74c2124a59f01f74ad91af303fb994218657c0c9dd21be5b5b9c2a74a
SHA512

85201127ed02103d0e6577b5a880573ccfeeeeb045ea9ed91205dee0b61edbaf79199adb592dccd96eeacc78088f78693ca23ac7bc948d8ac91f2f6b318cfbb1
SSDEEP

12288:NhW88Erwb4r/GWOkMBOngocM3PhRXNmh9SHi8yzW0JGU3gOWyLsFLKRIImRKMqtW:DuG7IzxdtgOW+MfG67yWqfi5I7dK

Score

10^/10

lgoogloader downloader persistence

Malware Config

Targets

- Target
  
  7470f8e74c2124a59f01f74ad91af303fb994218657c0c9dd21be5b5b9c2a74a
- Size
  
  1.4MB
- MD5
  
  2fae82eebe27dd5e33fdc10ee8e90d24
- SHA1
  
  65729d70f2b1842b43e5e1499462251493e5dd1a
- SHA256
  
  7470f8e74c2124a59f01f74ad91af303fb994218657c0c9dd21be5b5b9c2a74a
- SHA512
  
  85201127ed02103d0e6577b5a880573ccfeeeeb045ea9ed91205dee0b61edbaf79199adb592dccd96eeacc78088f78693ca23ac7bc948d8ac91f2f6b318cfbb1
- SSDEEP
  
  12288:NhW88Erwb4r/GWOkMBOngocM3PhRXNmh9SHi8yzW0JGU3gOWyLsFLKRIImRKMqtW:DuG7IzxdtgOW+MfG67yWqfi5I7dK
Score

10^/10

lgoogloader downloader persistence
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lgoogloaderdownloaderpersistence