lgoogloader | 3204869f7cc6f0e1183dece6c31854e7503195b6360fca463263a90eff8b227c | Triage

Sharing

General

Target

4d72075fa2a204a8ce0426bced106606.bin
Size

103KB
Sample

230613-bk1ewsec95
MD5

47fe75a95140eeae4742132cf39b9a71
SHA1

725d1decb8889fd66c091c8dc1e502e54aa48dd0
SHA256

3204869f7cc6f0e1183dece6c31854e7503195b6360fca463263a90eff8b227c
SHA512

b1a212e5ef1dda3672498cf979a45fd01124840bc0ecf120de66f7f0c0e9a932b6c4f533a486e65cd194449107ff03907e4d1117f0279addb3a30fa327f69e0f
SSDEEP

3072:O6wyj7u2lP8x1/3b+9rCJ70nu9G/XIQLoaf:Ox5298L/3boeEy0XIQLoaf

Score

10^/10

lgoogloader downloader persistence

Malware Config

Targets

- Target
  
  1bb8f0bff992068eaf0d4c18735408f3bbdeb60cc9085e0a7d44cbf290b13dae.exe
- Size
  
  396KB
- MD5
  
  4d72075fa2a204a8ce0426bced106606
- SHA1
  
  63789a49e7537473b06564bba325f9990a392ab9
- SHA256
  
  1bb8f0bff992068eaf0d4c18735408f3bbdeb60cc9085e0a7d44cbf290b13dae
- SHA512
  
  7c6cdbf1a06d01580960900525c20b5b56457fcbf0e6591416f5679f9130441f403ab943dd857faf43b5a1060563cf125b135362a7bb434219420c93d6100214
- SSDEEP
  
  3072:b2/dgePzQimSelrXx0ooARRMkAHFIxobrvZkJv6SjaFvVmuLyRpPS68urGh3LzsR:ATPzHEVmooARiXCFT2Fp6SQaofZAm
Score

10^/10

lgoogloader downloader persistence
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lgoogloaderdownloaderpersistence

behavioral2

lgoogloaderdownloaderpersistence