MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a2277b023072b23e557dff89a6b762d232c26d464fc04fcaa906e71924d752a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a2277b023072b23e557dff89a6b762d232c26d464fc04fcaa906e71924d752a
SHA3-384 hash: 8c20dd12f919258b8a23953c0248b31712a2477b6abde7cdc7020ec9025efd628d17137827525dce917253382e70b50e
SHA1 hash: 1db66c604f8484b2d318a5d352b52ed2866ba089
MD5 hash: 6888327ec5833ff1e9b05e0bd718c9e8
humanhash: seventeen-enemy-nitrogen-orange
File name:file
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:1'873'312 bytes
First seen:2022-12-27 14:54:13 UTC
Last seen:2022-12-28 05:49:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c411c589bf7ee636c26cbec84a493709 (2 x LgoogLoader)
ssdeep 49152:SLhYE3RXrATRDSklKp2zqyOklekiwxvxDn4tUryj:SLhYE3RXrSRblKp5LklezFj
Threatray 91 similar samples on MalwareBazaar
TLSH T10A857EEE717BCBBAD4AA81B3809A63C112DD90B8F711F81DE96015C60E56D4F71A8F13
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon f0ccb6b2b2b6c8f0 (1 x LgoogLoader)
Reporter andretavare5
Tags:exe LgoogLoader signed

Code Signing Certificate

Organisation:time-les.si
Issuer:R3
Algorithm:sha256WithRSAEncryption
Valid from:2022-12-13T13:11:51Z
Valid to:2023-03-13T13:11:50Z
Serial number: 0309d972f05bac35baca02cd759248fea2a6
Intelligence: 5 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: a82cf3a7a78f9a8311461d057b7b6e568c3b10e4bc838becca9b07192a077030
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
andretavare5
Sample downloaded from http://www.isurucabs.lk/Ads11.exe

Intelligence

File Origin
# of uploads :
6
# of downloads :
219
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2022-12-27 14:54:53 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0f31ecf4-473c-41c4-8840-55111c4c7932

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Generic.ML.PUA.21548.7915.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Launching a process
Creating a file in the %temp% directory
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/63ab074840e878e30420658b/reports/cd8c1aa0-d813-4ee8-8b6f-07953eda0b6a/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b5936386-4ee2-4a8d-b462-7c763db8abad
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1141596
Signature
Allocates memory in foreign processes
Contain functionality to detect virtual machines
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a2277b023072b23e557dff89a6b762d232c26d464fc04fcaa906e71924d752a/
Threat name:
Win32.Trojan.Privateloader
Create hunting rule
Status:
Malicious
First seen:
2022-12-27 14:55:09 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
11 of 26 (42.31%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=birhpmbda4vshzkx374ju23wfursyjwumt6aj7fksbxhdesnouva._file
Verdict:
malicious
Similar samples:
05ca799597bc2895bc89e038fe831082a2bbcaf8d6014bbba91afb9f71836884
LgoogLoader
25dd0395643f85483595e7968be30b9ab55572f220b52b49ecea6ac3dfaef824
LgoogLoader
3aa290b067cbd23d42481b61c74ae57834293f9da2e8461e3df6e0629aecb597
LgoogLoader
4184d4b8d72dd7c39855ec4b2916603118219bae7d2adcf6c5e31ab88466cc35
LgoogLoader
44192d53830cd0b58bd4c3213649104f23f5c5cb2d4f1168d2d07654e841b907
LgoogLoader
4bca267476a6f4389ff2b2b96b5d050e822295f1b9c6fb53888bfe5528febe60
LgoogLoader
8028f15755497e60af4f15e0b7171423a5ab31c12b529a0f17807d840665d177
LgoogLoader
93dc33973823843d0eba85f4f9f09561f37ff650129cdacc2ead9fffd8d131a1
LgoogLoader
c6dcdfa5821f7fb5a836ec2157742c9b117745584b82ed3f03d6987ce93d9b05
LgoogLoader
e806601047d5a080ababc1274c39cd1916583124166b985ca65b08f0a0e6feea
LgoogLoader
+ 81 additional samples on MalwareBazaar
Result
Malware family:
lgoogloader
Create hunting rule
Score:
  10/10
Tags:
family:lgoogloader downloader
Link:
https://tria.ge/reports/221227-safq6sac3w/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Loads dropped DLL
Detects LgoogLoader payload
LgoogLoader
Suspicious use of NtCreateUserProcessOtherParentProcess
Unpacked files
SH256 hash:
d3ae5224a94f9384f0c40b9b28220224c70faa8ff49eb11a37c5660d0812f76e
MD5 hash:
86b9457fb0fa92b06061d6a5e0b72236
SHA1 hash:
068f4d701d1387a6ee3fc4d6aad6fec7dd4c2a77
Link:
https://www.unpac.me/results/9a2ba7a8-7155-4650-9e19-471c582a654f/
SH256 hash:
0a2277b023072b23e557dff89a6b762d232c26d464fc04fcaa906e71924d752a
MD5 hash:
6888327ec5833ff1e9b05e0bd718c9e8
SHA1 hash:
1db66c604f8484b2d318a5d352b52ed2866ba089
Link:
https://www.unpac.me/results/9a2ba7a8-7155-4650-9e19-471c582a654f/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/0a2277b02307/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.96
Link:
https://yomi.yoroi.company/submissions/0a2277b023072b23e557dff89a6b762d232c26d464fc04fcaa906e71924d752a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
  
URLhaus
https://urlhaus.abuse.ch/url/2488375/

Comments