lgoogloader | c444206e7c06d031ee9f3d5296c6ab58ad9b43de25cd321d8b29de5393c3e2cb | Triage

Sharing

General

Target

788f396393dcab0c3dee93fbd2ae8371.bin
Size

21KB
Sample

230610-bzzf5sef7y
MD5

b9e3cddc0b1a40101b0193ce6ec33350
SHA1

f395cb8a1f747794cd1a63a84cb6ce483e21e7c2
SHA256

c444206e7c06d031ee9f3d5296c6ab58ad9b43de25cd321d8b29de5393c3e2cb
SHA512

be6f319b43245e2f57ef8389aaaf62f16ea6093bd6127f7c3360fe1ffff6117fb6ccc985464aed29833ae66fba6a91d986559ac58753f9b2db39bf1ed60a732b
SSDEEP

384:so/u6/X3FK077FOdLzGU86LK25W+QLdjTnYnOvcwLxWAnI/o6FjlPrz4j:s2u6/nRAzC4W+QLdHY7wNWAnIgwp4j

Score

10^/10

lgoogloader downloader persistence

Malware Config

Targets

- Target
  
  7ba6ab30eb71e8ab3ccdc734633391c092b25160f62173d4b6237da6c55b5a24.exe
- Size
  
  45KB
- MD5
  
  788f396393dcab0c3dee93fbd2ae8371
- SHA1
  
  3ba5c566299ba91072f41cffa8894a237bcff71d
- SHA256
  
  7ba6ab30eb71e8ab3ccdc734633391c092b25160f62173d4b6237da6c55b5a24
- SHA512
  
  a11266ac7f051fc8ef89ae8a003dd7d27456891e835754d40b706d08c0446d1a176eb2ff3673dfb3a351b8e59856db4902b90d44195c9c3d88a99d3fdaeb35d4
- SSDEEP
  
  768:RjFq7GFIOtbLrPg2Eln1eL2HLMGTay0CE5qb4rafyFZ:xF3b/PZEV1eL2rhTarefyFZ
Score

10^/10

lgoogloader downloader persistence
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lgoogloaderdownloaderpersistence

behavioral2

lgoogloaderdownloaderpersistence