lgoogloader | e3154c333a12af252dee9b4c23cf76df0cd7d1d7b978bc0ff23f7da9708fd93f | Triage

Sharing

General

Target

64611ca692664bc54b040e4b01c38ff4.bin
Size

106KB
Sample

230613-bn4aysec99
MD5

ce63653b88e465ce7994685ae3576204
SHA1

c4cd59c113fda763afd4d028dc8e1a54ac63e0ac
SHA256

e3154c333a12af252dee9b4c23cf76df0cd7d1d7b978bc0ff23f7da9708fd93f
SHA512

773d4f7cd2b00e63ff89d30c1e5693711ba9915a1ab76c781fd83ccaf35ae03bffe32bbb165de35761672330ac62a7901ac371273b75cbd547c32763e3699e07
SSDEEP

3072:7gEvUvHuN8cOdbnLdV7o+kBVg48JJZYzF:7HgHs4dxoVMJJZYzF

Score

10^/10

lgoogloader downloader persistence

Malware Config

Targets

- Target
  
  8080f28eb2c4e6406a8df0f3ed8c1f42f8bb038a35398e13d29c618ade13d06e.exe
- Size
  
  402KB
- MD5
  
  64611ca692664bc54b040e4b01c38ff4
- SHA1
  
  83c4893ea4e7bbe82cd5b9ad197e37462e9c43c6
- SHA256
  
  8080f28eb2c4e6406a8df0f3ed8c1f42f8bb038a35398e13d29c618ade13d06e
- SHA512
  
  d98649ab0b002a4bfadb31ae0105b61153cf17ba39e1f81a6c6d697e39958d62b7384e15332e5eb9ca97910e15dfb3774666740c851ecde8aac65eba803e6c6b
- SSDEEP
  
  3072:8mXHmM0YFSJrXx0ooARRMkAHFIxobrvZkJv6SjaFvVmuLyRpPS68urGh3Lzs/vqH:Z10YMmooARiXCFT2Fp6SQaofZAf
Score

10^/10

persistence lgoogloader downloader
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lgoogloaderdownloaderpersistence