MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33a234f3faa0307efb4e286af5df42a3a71ce440f9be28075d7ec9c669e81df7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33a234f3faa0307efb4e286af5df42a3a71ce440f9be28075d7ec9c669e81df7
SHA3-384 hash: 42dde58cb3d36c072d5636dba5c114379c6bd8bd6e0c798c90d70b09f4a450cf32d79c2108faee387a78ce3023e7b24e
SHA1 hash: d3ad912635baf62bec2fdffed3ce3b36428752e2
MD5 hash: bc09b67f76e7242ae11615571def8349
humanhash: fanta-eighteen-lemon-five
File name:file
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:507'392 bytes
First seen:2022-11-26 05:28:45 UTC
Last seen:2022-11-26 19:34:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:8zPCxrXi65nthO+wrC9ckOA1cyhzv7Ufu9ie0NWcC/:gPQrXi65n7vw+GkPVhP2Fe0YcC
Threatray 672 similar samples on MalwareBazaar
TLSH T118B40251B9805BD5F1FEFB3B6F2BF9C0A66CCEA2342A9140E9110EE591D708F7938425
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter andretavare5
Tags:exe LgoogLoader


Avatar
andretavare5
Sample downloaded from https://vk.com/doc760750097_656858245?hash=7yr3OqKmZfW8euCHz7oTotZvxbkTXQwnNXwI7VonB8D&dl=G43DANZVGAYDSNY:1669436167:izaJ3angcSXsZLdjWrErJUZmbZqpTCjXmYb78GDYH0g&api=1&no_preview=1#adan

Intelligence

File Origin
# of uploads :
9
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2022-11-26 05:31:01 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ae96d8e7-d81c-41cb-a941-e30fee0db879

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/338690/
Detection(s):
SecuriteInfo.com.Trojan-Spy.AgentTesla.14675.10955.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% directory
Creating a service
Loading a system driver
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Changing a file
Using the Windows Management Instrumentation requests
Creating a file
Enabling autorun for a service
Blocking the User Account Control
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6381a41e24da1c12cfe1ba0d/reports/7e899457-d227-4855-b620-cd4806d97eba/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/49a20621-0958-4cfd-83b7-bbacb7c526ee
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1121496
Signature
.NET source code contains very large array initializations
Adds a directory exclusion to Windows Defender
Contain functionality to detect virtual machines
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Disables UAC (registry)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Sample is not signed and drops a device driver
Writes to foreign memory regions
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/33a234f3faa0307efb4e286af5df42a3a71ce440f9be28075d7ec9c669e81df7/
Threat name:
Win64.Trojan.Privateloader
Create hunting rule
Status:
Malicious
First seen:
2022-11-26 05:29:08 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
17 of 26 (65.38%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gordj472uayh562ofbvplx2cuotrzzca7g7cqb25p3e4m2pidx3q._file
Verdict:
malicious
Similar samples:
002e81aaa44917c3f31513578174f22fa9eab43e0a64714901a8e1efe8887cec
LgoogLoader
26e9c2f05c547a575d40b66a4feb317af53b65062611eea7ed6005e0ed88d1e9
LgoogLoader
623c410c316befe7e6cf4d8459bc0d112d7462b40dd31c524f10f268f1ef378e
LgoogLoader
7a3d9a2e7fbcdd35fa3c5c195892b4c7940c669cde48def4832aa7e91736d532
LgoogLoader
8c07c75832300423a6c95e75e776b7ce9de117201bd218d59cc73dc780319649
LgoogLoader
a6f687d95308fd4d110ee7f8b07d3992e35802042f2d68c6216a5606b9ef8ab8
LgoogLoader
a8db61754cfe3eb3cde12a63eadb0631b3437bbbe05bb9c1bbf7d3f4af31a56d
LgoogLoader
c09e4ce0e0baa34a9c9043f4116639a4e0513d953135b4408fc5a5f02a9d2b58
LgoogLoader
da25fa6c320d11fefa4fb2fb6550e53048b91660a616978067e1d10fd10bbf67
LgoogLoader
+ 662 additional samples on MalwareBazaar
Result
Malware family:
lgoogloader
Create hunting rule
Score:
  10/10
Tags:
family:lgoogloader downloader evasion persistence trojan
Link:
https://tria.ge/reports/221126-f6kc1shf6x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
System policy modification
Enumerates physical storage devices
Program crash
Suspicious use of SetThreadContext
Checks whether UAC is enabled
Checks computer location settings
Windows security modification
Sets service image path in registry
Detects LgoogLoader payload
LgoogLoader
UAC bypass
Windows security bypass
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/eb753a41-9ced-41dd-a3c8-488665f540c9
Unpacked files
SH256 hash:
33a234f3faa0307efb4e286af5df42a3a71ce440f9be28075d7ec9c669e81df7
MD5 hash:
bc09b67f76e7242ae11615571def8349
SHA1 hash:
d3ad912635baf62bec2fdffed3ce3b36428752e2
Link:
https://www.unpac.me/results/33fa2198-dd56-47b5-bf56-dd44d03ba9a3/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/33a234f3faa0/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/33a234f3faa0307efb4e286af5df42a3a71ce440f9be28075d7ec9c669e81df7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/338690/

Comments