Overview

overview

10

Static

static

1

FileAk.exe

windows7-x64

10

FileAk.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FileAk.exe

  • Size

    101KB

  • Sample

    240226-pwbgssdg28

  • MD5

    19046ffd0a7a3365ba8e5b464bba149b

  • SHA1

    66ce137113ada0844a916252f0e456d06cf906c1

  • SHA256

    9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283

  • SHA512

    639f852a4665bb80271f10e1c60e5fd6046c556aaaa5c6e9e5cbfb43552ce2d7d4d4df03c15d51ecd28f25845e71a1ee60dc49a6fd76a6b468abfb6e153a2fed

  • SSDEEP

    3072:z2NFei6thiKp+Ag3Q5JMUXFKJUHL5typ2g4e2byJYN:uFjOg3Q511Km5omeS

Score
10/10
lgoogloaderdiscoverydownloaderevasiontrojan

Malware Config

Targets

    • Target

      FileAk.exe

    • Size

      101KB

    • MD5

      19046ffd0a7a3365ba8e5b464bba149b

    • SHA1

      66ce137113ada0844a916252f0e456d06cf906c1

    • SHA256

      9ae11d65b395971a284fc936690c5d1dfd035332321fba900dfa873c58243283

    • SHA512

      639f852a4665bb80271f10e1c60e5fd6046c556aaaa5c6e9e5cbfb43552ce2d7d4d4df03c15d51ecd28f25845e71a1ee60dc49a6fd76a6b468abfb6e153a2fed

    • SSDEEP

      3072:z2NFei6thiKp+Ag3Q5JMUXFKJUHL5typ2g4e2byJYN:uFjOg3Q511Km5omeS

    Score
    10/10
    lgoogloaderdiscoverydownloaderevasiontrojan

    • Detects LgoogLoader payload

    • LgoogLoader

      A downloader capable of dropping and executing other malware families.

      downloaderlgoogloader

    • UAC bypass

      evasiontrojan

    • Contacts a large (3592) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Uses the VBS compiler for execution

    • Checks whether UAC is enabled

      evasiontrojan

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks