MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f549fad7f7c3221cfc9762a2f523b087b8517a0f06d2df01b187945d947881d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1f549fad7f7c3221cfc9762a2f523b087b8517a0f06d2df01b187945d947881d
SHA3-384 hash: e3fb2b5d150317a6ecf3b4f663b1274b688df3b06d37a245fe5c29f4b6028f35e5e00d465c5b5f6febb9e7b78e2911a0
SHA1 hash: b6ab49f002f28400cc6baf068584470e79390933
MD5 hash: 5bb0037f79e147932c0b33d78a7cc6f9
humanhash: jersey-berlin-arkansas-don
File name:file
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:1'909'656 bytes
First seen:2022-11-15 21:25:41 UTC
Last seen:2023-08-26 22:07:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b128da42edc801068b5469911b24a324 (3 x lgoogLoader, 1 x RemcosRAT, 1 x RedLineStealer)
ssdeep 24576:kezqu2yNYWgx6SMu+qHlbflIw4MxoEzGa8VhmqIxd9YhdAz0p4nrpnbTIri:58yN/xSMutptIw4MxoEMQtbZAp4ndn0i
Threatray 98 similar samples on MalwareBazaar
TLSH T1429501A674D1F331D40909389926937A7F69EFF6633B201B5234736A31FD231DE66A02
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 621d66f130934638 (1 x LgoogLoader)
Reporter jstrosch
Tags:exe LgoogLoader signed

Code Signing Certificate

Organisation:4ever.com
Issuer:R3
Algorithm:sha256WithRSAEncryption
Valid from:2022-10-11T09:40:24Z
Valid to:2023-01-09T09:40:23Z
Serial number: 047d80a5afe23c26f01674b5d4a01fb6c4d0
Intelligence: 5 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: a7321e9ee27d6943a8dd7b7d05eee8466e60d3577eaa8df1d446c2fa39c24e44
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
214
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Suspicious activity
Analysis date:
2022-11-15 21:27:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/69806ab2-92f2-454e-ba7f-0d1778fa4d08

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/334516/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.63563857.11241.21620.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/637403ee07c3f5e84a015466/reports/54ea46ea-c826-4e7d-9d01-1f80a0b0b6d8/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/0a53eb5f-c0f9-4d26-8c95-399bffd94c10
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1114297
Signature
Allocates memory in foreign processes
Contain functionality to detect virtual machines
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1f549fad7f7c3221cfc9762a2f523b087b8517a0f06d2df01b187945d947881d/
Threat name:
Win32.Downloader.LgoogLoader
Create hunting rule
Status:
Malicious
First seen:
2022-11-10 19:38:19 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
13 of 26 (50.00%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=d5kj7ll7pqzcdt6joyvc6ur3bb5ykf5a6bws34a3db4ulwkhraoq._file
Verdict:
malicious
Similar samples:
515780fa8ff85a48d8c2e2d1f3d72d42fb22ab8d08cf7845b92a53ffdf60cfe6
LgoogLoader
7b9c1aa81aef60c0b403ff3859fc4c6be0b48fb56e1a4456f42ed0da84941993
LgoogLoader
89129a297232b33e9caa53adbd927bffa9a6e1a2905f21e01b17f4fd374a2c27
LgoogLoader
a04acbc25f52864d80fd101aee07ba1817750087610620f57196319a8f0f5bf1
LgoogLoader
be7096119b86de54f3a82c8059e372396169c30d2300d4ec768f4065e4b1b9a7
LgoogLoader
e438b0686e14786fa975d2d724c0fb8615e868a1210c57e0323d537cbb08c665
LgoogLoader
e806601047d5a080ababc1274c39cd1916583124166b985ca65b08f0a0e6feea
LgoogLoader
f2f2fa1f2bfab812eb154d51fa5d22b303639f8a74442b9ef14e4be678fad1ee
LgoogLoader
+ 88 additional samples on MalwareBazaar
Result
Malware family:
lgoogloader
Create hunting rule
Score:
  10/10
Tags:
family:lgoogloader downloader
Link:
https://tria.ge/reports/221115-z966qsga58/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Detects LgoogLoader payload
LgoogLoader
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/96ce2b5a-6f20-4ac9-9acc-abb87e2f40ed
Unpacked files
SH256 hash:
bd06b165a2133d9135016eabbf67d4df1ebc9d02b348a197cd5f48999f43df6a
MD5 hash:
a5659827f9b1e509a9abc825c71b8df3
SHA1 hash:
f12082709a22edeffd632b6973810018907d3e9f
Link:
https://www.unpac.me/results/5f301131-41f9-428e-b962-1147e4332ba8/
SH256 hash:
049e1de6cb81224fb8cbcc067fd8bbd9423851f924d6a75865e8896d96067dfc
MD5 hash:
a4b48cd703520fa01a0f59ff69457e61
SHA1 hash:
652622526ca732016703791071eed9df77e2193d
Link:
https://www.unpac.me/results/5f301131-41f9-428e-b962-1147e4332ba8/
SH256 hash:
1f549fad7f7c3221cfc9762a2f523b087b8517a0f06d2df01b187945d947881d
MD5 hash:
5bb0037f79e147932c0b33d78a7cc6f9
SHA1 hash:
b6ab49f002f28400cc6baf068584470e79390933
Link:
https://www.unpac.me/results/5f301131-41f9-428e-b962-1147e4332ba8/
Malware family:
SmokeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1f549fad7f7c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.87
Link:
https://yomi.yoroi.company/submissions/1f549fad7f7c3221cfc9762a2f523b087b8517a0f06d2df01b187945d947881d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LgoogLoader

Executable exe 1f549fad7f7c3221cfc9762a2f523b087b8517a0f06d2df01b187945d947881d

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/334516/
  
URLhaus
https://urlhaus.abuse.ch/url/2414151/

Comments