lgoogloader | def47cbe5de9b42a8024427f3183ed92d42aea9dffb1ed8b0aa8fd49d26fa26e | Triage

Sharing

General

Target

3dea18962bbc54787a0715e84b9d463a.exe
Size

402KB
Sample

230612-nfezlscc8t
MD5

3dea18962bbc54787a0715e84b9d463a
SHA1

111a364cab17d093538d1f35e99bef22b034eb73
SHA256

def47cbe5de9b42a8024427f3183ed92d42aea9dffb1ed8b0aa8fd49d26fa26e
SHA512

1367ef4488c7b298e108d04317261b867cde43050af240217714ac49b8c41f63c4e26201a6b892c76175d34304c838169d4e2f737b545211bc2841371783c25b
SSDEEP

3072:FDeHrC2edASgrXx0ooARRMkAHFIxobrvZkJv6SjaFvVmuLyRpPS68urGh3Lzs/v6:tx2egmooARiXCFT2Fp6SQaofZA9

Score

10^/10

lgoogloader downloader persistence

Malware Config

Targets

- Target
  
  3dea18962bbc54787a0715e84b9d463a.exe
- Size
  
  402KB
- MD5
  
  3dea18962bbc54787a0715e84b9d463a
- SHA1
  
  111a364cab17d093538d1f35e99bef22b034eb73
- SHA256
  
  def47cbe5de9b42a8024427f3183ed92d42aea9dffb1ed8b0aa8fd49d26fa26e
- SHA512
  
  1367ef4488c7b298e108d04317261b867cde43050af240217714ac49b8c41f63c4e26201a6b892c76175d34304c838169d4e2f737b545211bc2841371783c25b
- SSDEEP
  
  3072:FDeHrC2edASgrXx0ooARRMkAHFIxobrvZkJv6SjaFvVmuLyRpPS68urGh3Lzs/v6:tx2egmooARiXCFT2Fp6SQaofZA9
Score

10^/10

persistence lgoogloader downloader
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lgoogloaderdownloaderpersistence