lgoogloader | 9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

9ae11d65b3...83.exe

windows7-x64

9ae11d65b3...83.exe

windows10-2004-x64

Sharing

General

Target

9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283.exe
Size

101KB
Sample

240226-fq4fysea8t
MD5

19046ffd0a7a3365ba8e5b464bba149b
SHA1

66ce137113ada0844a916252f0e456d06cf906c1
SHA256

9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283
SHA512

639f852a4665bb80271f10e1c60e5fd6046c556aaaa5c6e9e5cbfb43552ce2d7d4d4df03c15d51ecd28f25845e71a1ee60dc49a6fd76a6b468abfb6e153a2fed
SSDEEP

3072:z2NFei6thiKp+Ag3Q5JMUXFKJUHL5typ2g4e2byJYN:uFjOg3Q511Km5omeS

Score

10^/10

lgoogloader discovery downloader evasion trojan

Static task

static1

Behavioral task

behavioral1

Sample

9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283.exe

Resource

win7-20240221-en

lgoogloader discovery downloader evasion trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283.exe

Resource

win10v2004-20240221-en

lgoogloader discovery downloader evasion trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283.exe
- Size
  
  101KB
- MD5
  
  19046ffd0a7a3365ba8e5b464bba149b
- SHA1
  
  66ce137113ada0844a916252f0e456d06cf906c1
- SHA256
  
  9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283
- SHA512
  
  639f852a4665bb80271f10e1c60e5fd6046c556aaaa5c6e9e5cbfb43552ce2d7d4d4df03c15d51ecd28f25845e71a1ee60dc49a6fd76a6b468abfb6e153a2fed
- SSDEEP
  
  3072:z2NFei6thiKp+Ag3Q5JMUXFKJUHL5typ2g4e2byJYN:uFjOg3Q511Km5omeS
Score

10^/10

lgoogloader discovery downloader evasion trojan
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Contacts a large (5063) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables packed with or use KoiVM
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Windows security modification
  evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Scripting

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Network Service Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lgoogloaderdiscoverydownloaderevasiontrojan

behavioral2

lgoogloaderdiscoverydownloaderevasiontrojan

© 2018-2025

Terms | Privacy