Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

1

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    30KB

  • Sample

    240216-tba3rach8y

  • MD5

    dccb2959ebb47cee38038306dab9174a

  • SHA1

    353e387c6d08b771160b445e8c276458c7d886c5

  • SHA256

    32497449b0fce1023154fd322093211786e5c20b8d09ec799303e516966eaa26

  • SHA512

    2610122c2e5d41b728df607b850743d73e8c561a9ee6b77842392da37df8ffa3b678d884143265e1d6760a30d1294475c7032797aa7bf38a2ad0afad244c849a

  • SSDEEP

    384:2dBH40N892BTKlHysslQN9SjQ6GZ79IiExzMY9PSjF+F7uklPTVx47JUirGoGCJZ:2du0N892FiwaS7ioF7uaPTwDEFiRx

Score
10/10
lgoogloaderdownloaderevasiontrojan

Malware Config

Targets

    • Target

      tmp

    • Size

      30KB

    • MD5

      dccb2959ebb47cee38038306dab9174a

    • SHA1

      353e387c6d08b771160b445e8c276458c7d886c5

    • SHA256

      32497449b0fce1023154fd322093211786e5c20b8d09ec799303e516966eaa26

    • SHA512

      2610122c2e5d41b728df607b850743d73e8c561a9ee6b77842392da37df8ffa3b678d884143265e1d6760a30d1294475c7032797aa7bf38a2ad0afad244c849a

    • SSDEEP

      384:2dBH40N892BTKlHysslQN9SjQ6GZ79IiExzMY9PSjF+F7uklPTVx47JUirGoGCJZ:2du0N892FiwaS7ioF7uaPTwDEFiRx

    Score
    10/10
    lgoogloaderdownloaderevasiontrojan

    • Detects LgoogLoader payload

    • LgoogLoader

      A downloader capable of dropping and executing other malware families.

      downloaderlgoogloader

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Windows security modification

      evasiontrojan

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks