lgoogloader | 9f800400f5ed4b80a6d032a437e3b7fc8fa53978854726fdfc0f2737c1237596 | Triage

Sharing

General

Target

1231.exe
Size

493KB
Sample

241015-t99nzavfrd
MD5

8e92c683e644b7e88184427d1b8625bb
SHA1

8b57d61299f7eaa32df979f54483ff72b47ba8f6
SHA256

9f800400f5ed4b80a6d032a437e3b7fc8fa53978854726fdfc0f2737c1237596
SHA512

027a5b35ef52be102fe4447be581140fc3cdbfd73d4531f1ebfab75672c84946dd9a4dd5ac144d9cf5e9b60a2890e0a975b254674d58ee24e3cbfc5282521dde
SSDEEP

12288:86dbSjl1WZ1oIL0WoxG3arMd9sG3SOH5:PmBMIIoWCN4Hsk7Z

Score

10^/10

lgoogloader discovery downloader persistence

Malware Config

Targets

- Target
  
  1231.exe
- Size
  
  493KB
- MD5
  
  8e92c683e644b7e88184427d1b8625bb
- SHA1
  
  8b57d61299f7eaa32df979f54483ff72b47ba8f6
- SHA256
  
  9f800400f5ed4b80a6d032a437e3b7fc8fa53978854726fdfc0f2737c1237596
- SHA512
  
  027a5b35ef52be102fe4447be581140fc3cdbfd73d4531f1ebfab75672c84946dd9a4dd5ac144d9cf5e9b60a2890e0a975b254674d58ee24e3cbfc5282521dde
- SSDEEP
  
  12288:86dbSjl1WZ1oIL0WoxG3arMd9sG3SOH5:PmBMIIoWCN4Hsk7Z
Score

10^/10

discovery persistence lgoogloader downloader
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Sets service image path in registry
  persistence
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

lgoogloaderdiscoverydownloaderpersistence