lgoogloader | e8483e9918697dc2fd3b4fc0fde38795851312dd38c1a6c83acdcaba47f8de7b | Triage

Sharing

General

Target

194e670dffccd5785da26231d032e808.exe
Size

403KB
Sample

230612-nevcxabg26
MD5

194e670dffccd5785da26231d032e808
SHA1

0a6ce468233b96041edc69330a0efa4b90194b4f
SHA256

e8483e9918697dc2fd3b4fc0fde38795851312dd38c1a6c83acdcaba47f8de7b
SHA512

935183ef75fd7acf057773d96b9e41ea419a2705afa21193b13b763655d8659db5be141aad210e0afa241036b0d0610444de40b68168ccf711059be14ad8c890
SSDEEP

3072:eZSUo1eprSwrXx0ooARRMkAHFIxobrvZkJv6SjaFvVmuLyRpPS68urGh3Lzs/vqq:enpNmooARiXCFT2Fp6SQaofZAC

Score

10^/10

lgoogloader downloader persistence

Malware Config

Targets

- Target
  
  194e670dffccd5785da26231d032e808.exe
- Size
  
  403KB
- MD5
  
  194e670dffccd5785da26231d032e808
- SHA1
  
  0a6ce468233b96041edc69330a0efa4b90194b4f
- SHA256
  
  e8483e9918697dc2fd3b4fc0fde38795851312dd38c1a6c83acdcaba47f8de7b
- SHA512
  
  935183ef75fd7acf057773d96b9e41ea419a2705afa21193b13b763655d8659db5be141aad210e0afa241036b0d0610444de40b68168ccf711059be14ad8c890
- SSDEEP
  
  3072:eZSUo1eprSwrXx0ooARRMkAHFIxobrvZkJv6SjaFvVmuLyRpPS68urGh3Lzs/vqq:enpNmooARiXCFT2Fp6SQaofZAC
Score

10^/10

persistence lgoogloader downloader
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lgoogloaderdownloaderpersistence