MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 515780fa8ff85a48d8c2e2d1f3d72d42fb22ab8d08cf7845b92a53ffdf60cfe6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


lgoogLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 515780fa8ff85a48d8c2e2d1f3d72d42fb22ab8d08cf7845b92a53ffdf60cfe6
SHA3-384 hash: b1299833c08c353078904da9c6b303ab1a506891ea7c92bc2960a078dfe614890c13f7eefa53934cdabf3855b64417f2
SHA1 hash: c586b4ae6ad87d1d6a90156db0031f1a3f311e36
MD5 hash: e0a91e88088622a16193f4b524f61c9b
humanhash: bluebird-illinois-angel-oven
File name:file
Download: download sample
Signature lgoogLoader
Create hunting rule
File size:1'946'304 bytes
First seen:2022-11-09 21:50:26 UTC
Last seen:2022-11-09 23:52:43 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f1feeb9e7dee8c31856c4e424ba4c89b (3 x RedLineStealer, 2 x lgoogLoader, 1 x RemcosRAT)
ssdeep 49152:eMsHmFmmBgyXMDKtV0rPo3ur4bIvXekf7:efchYM0rPo3urXvV7
Threatray 38 similar samples on MalwareBazaar
TLSH T1469501C3D7944867C847EE39DE7A52A666F115CE077F91CB86D303F88ACB5822C4E246
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon f0dc96868adcf0f0 (2 x lgoogLoader, 1 x ArkeiStealer)
Reporter jstrosch
Tags:exe LgoogLoader signed

Code Signing Certificate

Organisation:*.infinity.com
Issuer:Sectigo RSA Organization Validation Secure Server CA
Algorithm:sha256WithRSAEncryption
Valid from:2022-08-22T00:00:00Z
Valid to:2023-09-21T23:59:59Z
Serial number: 982bb3995415c1ce157998f0b036fccd
Intelligence: 7 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 6b8ed536f8f3d0f8d6abf7687a06b777cd5843d7ac5001b7ba832e8a520fcfe0
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
186
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2022-11-09 21:54:11 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/01ac1931-0a5b-417b-afcf-89702194d819

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/331481/
Detection(s):
SecuriteInfo.com.Trojan.GenericKDZ.93388.14233.22967.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Launching a process
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/636c20c783b66bc0f0422c80/reports/7dde1b4f-ffa6-44fc-99df-06cd89381aec/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c68c0961-13dc-4e12-9893-4a5e4b3e0c51
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1109767
Signature
Allocates memory in foreign processes
Found stalling execution ending in API Sleep call
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/515780fa8ff85a48d8c2e2d1f3d72d42fb22ab8d08cf7845b92a53ffdf60cfe6/
Threat name:
Win32.Downloader.LgoogLoader
Create hunting rule
Status:
Malicious
First seen:
2022-11-08 23:18:21 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
15 of 26 (57.69%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kflyb6up7bnerwgc4li7hvznil5sfk4nbdhxqrnzfjj77x3az7ta._file
Verdict:
malicious
Similar samples:
303bd4a9a4f522900dcb9af3030f9683b64cb904e12e75ed06723c43215ef438
lgoogLoader
322f8b985672fe452211e1299a29037be69a9b467e8a8cdcad02afd0835e1dee
lgoogLoader
32e8bb7e05049dcc6ffad8ff029468246734dd8adb01af52a55ddc1488b397c3
lgoogLoader
477ca79c48c0ae888a5da641e5fbabc7d7c8ba7100e77a9b09cc66719360b086
lgoogLoader
8aa42c477d96d5cf3a5d9ea88ebc6e82d8db7970f85fd03924447040e2758a96
lgoogLoader
b2f634be000cf32e481c6f66928d8a428a3481f17c7a045a39150bdf9ae6dbe7
lgoogLoader
e1c911c9ca01ebd5d0293caf5662277d251276dfaf1dcdb3dc581718ad319330
lgoogLoader
fea97bcd0bcd24fae553aa9152a410e3e6064edbd8011c3b2d9fcee40cc430f8
lgoogLoader
+ 28 additional samples on MalwareBazaar
Result
Malware family:
lgoogloader
Create hunting rule
Score:
  10/10
Tags:
family:lgoogloader downloader
Link:
https://tria.ge/reports/221109-1qgbmscdh4/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Detects LgoogLoader payload
LgoogLoader
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/152fc33e-923f-486c-9bca-4e871014c200
Unpacked files
SH256 hash:
766e30055aa244454693801772f0fdfd1399fe83ed9244cf429f3a3843d30166
MD5 hash:
fdd2cec5a08e427704a89ffcfbfefdec
SHA1 hash:
9105d7e090503ebc1c5776b541d4c1e55f1716fe
Link:
https://www.unpac.me/results/7eca736c-0840-445b-b32e-dc86ac9acb31/
SH256 hash:
539656849d5011456dfa63306e72150c7908e8bf31e188c9d94a7d27ca0d3740
MD5 hash:
ec0f6c7bf594b05b26f906785700b23b
SHA1 hash:
862a0cf2b673ed72cfd8405c2512312c8462d269
Link:
https://www.unpac.me/results/7eca736c-0840-445b-b32e-dc86ac9acb31/
SH256 hash:
515780fa8ff85a48d8c2e2d1f3d72d42fb22ab8d08cf7845b92a53ffdf60cfe6
MD5 hash:
e0a91e88088622a16193f4b524f61c9b
SHA1 hash:
c586b4ae6ad87d1d6a90156db0031f1a3f311e36
Link:
https://www.unpac.me/results/7eca736c-0840-445b-b32e-dc86ac9acb31/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/515780fa8ff85a48d8c2e2d1f3d72d42fb22ab8d08cf7845b92a53ffdf60cfe6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

lgoogLoader

Executable exe 515780fa8ff85a48d8c2e2d1f3d72d42fb22ab8d08cf7845b92a53ffdf60cfe6

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/331481/
  
URLhaus
https://urlhaus.abuse.ch/url/2406510/

Comments