MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b0fca6f18ae8fde80d95ae6578dd824271372ca5448ddcb4ffb7f81c8d5607e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b0fca6f18ae8fde80d95ae6578dd824271372ca5448ddcb4ffb7f81c8d5607e
SHA3-384 hash: ccf0fd95523756fa69e3a1c76cdd7eac6f34297534d56846c2b4058cc75e029f92e22354f724ec2cb7d854c2b7b30e1b
SHA1 hash: 0e6decf0a70b85825c699020b8a139e05692827e
MD5 hash: 069f7d78fead905eba9ad321096a7f55
humanhash: black-seventeen-massachusetts-floor
File name:file
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:1'923'992 bytes
First seen:2023-01-04 01:46:57 UTC
Last seen:2023-01-04 16:44:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6e5107125d2eee6559f3e19da7040621 (1 x LgoogLoader)
ssdeep 24576:ks5lGPjnl4wCuHb807NoAJfwgDwfpAkXWt8533g8wJoVnbUEDZcLAlG0S6vSe:ks5lam4b807J5QSxt8533qJSbUM3zKe
Threatray 85 similar samples on MalwareBazaar
TLSH T16995AF21D5D3F570FDF592F247BA110A8864FB9546AC84CF32D030A5207D1A37ABEBA9
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon f0d4a6e8c888c4cc (1 x LgoogLoader)
Reporter jstrosch
Tags:exe LgoogLoader signed

Code Signing Certificate

Organisation:chain.com
Issuer:R3
Algorithm:sha256WithRSAEncryption
Valid from:2023-01-03T09:30:23Z
Valid to:2023-04-03T09:30:22Z
Serial number: 035f44809bc421613d1a36a5637f402b1df8
Thumbprint Algorithm:SHA256
Thumbprint: 3e82868172b0eca5d7416b21aaa03cd4cacd1e7eac9f11f55eb529d80da7a688
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
190
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-01-04 01:51:16 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/6edf6cf9-eacc-4883-97a8-f0cee012950f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/349284/
Detection(s):
SecuriteInfo.com.Variant.Jaik.112493.30765.5778.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Launching a process
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Unauthorized injection to a system process
Verdict:
No Threat
Threat level:
  2/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/63b4da9cfc9525ae8a44d133/reports/62eef72b-a8c8-4f23-9fc2-cb355ed91023/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Mustang Panda
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a8a66f48-b53d-4d09-921f-f1606b0541da
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1144867
Signature
Allocates memory in foreign processes
Antivirus detection for URL or domain
Contain functionality to detect virtual machines
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5b0fca6f18ae8fde80d95ae6578dd824271372ca5448ddcb4ffb7f81c8d5607e/
Threat name:
Win32.Trojan.Jaik
Create hunting rule
Status:
Malicious
First seen:
2023-01-03 18:21:01 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
10 of 39 (25.64%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lmh4u3yyv2h55agzlltfpdoyeqtrg4wkkren3s2p7n7ydsgvmb7a._file
Verdict:
malicious
Similar samples:
25dd0395643f85483595e7968be30b9ab55572f220b52b49ecea6ac3dfaef824
LgoogLoader
37e37b5d77dcdcb5d68832b5948556bc413d0a2b28dcfbf3e6b145df4c9ca1e4
LgoogLoader
61436285b70355a6e0239c982c9b4a12cf2061c5b9c1eb2f4ff97133c549e891
LgoogLoader
76ceea32c047b1b705dc7c4dd5e077d8d95061eade40ef8ddf53b269151cfb3f
LgoogLoader
8391de874c21ac03bf02c2e6fa7feabc06b2421df1ca6820cc38ad911b060937
LgoogLoader
d08b59352d10ca03662860fd6f74d4d275e51a019335c50b264abe9e71c900af
LgoogLoader
d66e9a4ad9b98c270c0b6ef1ab205ab8b3de44d42c694893570e6a7f4cfd8560
LgoogLoader
e438b0686e14786fa975d2d724c0fb8615e868a1210c57e0323d537cbb08c665
LgoogLoader
e806601047d5a080ababc1274c39cd1916583124166b985ca65b08f0a0e6feea
LgoogLoader
f2f2fa1f2bfab812eb154d51fa5d22b303639f8a74442b9ef14e4be678fad1ee
LgoogLoader
+ 75 additional samples on MalwareBazaar
Result
Malware family:
lgoogloader
Create hunting rule
Score:
  10/10
Tags:
family:lgoogloader downloader
Link:
https://tria.ge/reports/230104-b7jqnade98/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Detects LgoogLoader payload
LgoogLoader
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/e3ef91dc-27d7-43ca-b21b-4ec9ba62d3aa
Unpacked files
SH256 hash:
484f38f3fc03a7280041c23e47363a86a15ad06d931fc8483facb1562c5cfeac
MD5 hash:
a6f3b4c132cf758d9bd1ea359c9795c3
SHA1 hash:
39da1d6e19d459b933d54c907456398429bab2dc
Link:
https://www.unpac.me/results/2c1822c3-9ff6-42a5-af06-2e77093c4480/
SH256 hash:
5b0fca6f18ae8fde80d95ae6578dd824271372ca5448ddcb4ffb7f81c8d5607e
MD5 hash:
069f7d78fead905eba9ad321096a7f55
SHA1 hash:
0e6decf0a70b85825c699020b8a139e05692827e
Link:
https://www.unpac.me/results/2c1822c3-9ff6-42a5-af06-2e77093c4480/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/5b0fca6f18ae/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5b0fca6f18ae8fde80d95ae6578dd824271372ca5448ddcb4ffb7f81c8d5607e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LgoogLoader

Executable exe 5b0fca6f18ae8fde80d95ae6578dd824271372ca5448ddcb4ffb7f81c8d5607e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2488375/
Cape
Cape
https://www.capesandbox.com/analysis/349284/

Comments