MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61436285b70355a6e0239c982c9b4a12cf2061c5b9c1eb2f4ff97133c549e891. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 13


Intelligence 13 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 61436285b70355a6e0239c982c9b4a12cf2061c5b9c1eb2f4ff97133c549e891
SHA3-384 hash: 1165fbb8c8da0daac338254f6ea86f6444d9041cdb19aa993571265cbc81d5a1fc5724ad6af8932cd7aa2a5a84b4ab6f
SHA1 hash: 54515df21f15588e90e271e0940c40d725320033
MD5 hash: e2dbac77468e891411fd826051cd0940
humanhash: mango-cola-winter-alabama
File name:file
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:1'384'136 bytes
First seen:2022-11-17 14:15:25 UTC
Last seen:2022-11-19 07:52:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 732f4cfdca2cfdac9ecb5aaba5b9fdb5 (2 x LgoogLoader, 1 x RecordBreaker)
ssdeep 24576:XzCYTsJOE5DLjjRC6w5j+vCtWwkRm7PjQsRgZU+W4n:XzCx5DLjj87PVrjQsRyN7n
Threatray 16'496 similar samples on MalwareBazaar
TLSH T15F55BFA4081C1873CD9D347CC8658B2DF5E9EBEA9ED7267AF1BD811A40910E1C37A7C6
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 0024cece8c9a2e00 (1 x LgoogLoader)
Reporter andretavare5
Tags:exe LgoogLoader signed

Code Signing Certificate

Organisation:*.bayt.com
Issuer:Go Daddy Secure Certificate Authority - G2
Algorithm:sha256WithRSAEncryption
Valid from:2022-06-27T08:21:35Z
Valid to:2023-06-28T11:01:00Z
Serial number: 5b0b4cd67fa76978
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: b25b4db6e8e9ad33ffaabac43af4a760b5d10cbaa2aa2201ed69663a409f100b
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
andretavare5
Sample downloaded from https://myfileexe.s3.ap-northeast-3.amazonaws.com/tnIx095IPqTV.exe

Intelligence

File Origin
# of uploads :
46
# of downloads :
206
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2022-11-17 14:16:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1723d2e0-d736-4141-8b9d-73fc4df9ef5d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/335343/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Raccrypt.30476.25109.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Launching a process
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %temp% directory
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/637642242445ecec3cc4ca6c/reports/9d0502c9-d8e6-44f3-887f-4de686e2bce3/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Mustang Panda
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/43c21c10-2de3-48fc-8c29-3a9848356fe0
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1115787
Signature
Allocates memory in foreign processes
Contain functionality to detect virtual machines
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Writes to foreign memory regions
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/61436285b70355a6e0239c982c9b4a12cf2061c5b9c1eb2f4ff97133c549e891/
Threat name:
Win32.Trojan.Privateloader
Create hunting rule
Status:
Malicious
First seen:
2022-11-17 14:16:09 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mfbwfbnxank2nybdtsmczg2kclhsayofxha6wl2p7fythrkj5ciq._file
Verdict:
malicious
Similar samples:
040aa152e739826874a268f4ffb8be80dd256e7817cdb2c25329d25a5264671e
LgoogLoader
2bc35780b427873d03d777f75b112473d6593fdf7eab195dd75a6ba1ec1daec9
LgoogLoader
2fbf3507320d77ce68ad429c66ddcf0d53cedcb3cf8396c1057c820737bf9e11
LgoogLoader
4268c628b2cfcf6700dc00f43a474bd0fa720b43008bc3684631453542523bea
LgoogLoader
49263745f35d59a6845e6d654980d96ec831d0f7be41ae11a4669098f3a50740
LgoogLoader
6aa8c7811e02d48797f51fd635e97060112122222638a725306ba6b690f691d1
LgoogLoader
9579c6c9e07b1c6329bac90c764b3b427e0bfd97e797c5e5b9db1a7db477d5e7
LgoogLoader
9d5670638fac6e9e5670cd6985894e9b2fcf1fb334973e5e3424fb246f835e11
LgoogLoader
ba4fb2a15fa8baf942cdb9bddc882288290dbb6663b701b67e9ae48c85d362cb
LgoogLoader
+ 16'486 additional samples on MalwareBazaar
Result
Malware family:
lgoogloader
Create hunting rule
Score:
  10/10
Tags:
family:lgoogloader downloader
Link:
https://tria.ge/reports/221117-rk5bvaaf2y/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Detects LgoogLoader payload
LgoogLoader
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/4c94f99b-fe86-4bb7-9b01-25d66175a3b3
Unpacked files
SH256 hash:
4d322537dffff3f74d976105d2c647ea86d9ae3dd179f423a3808d2620dc429e
MD5 hash:
ea13f2553638006fcdf3a3056e10ae75
SHA1 hash:
6fb7d807f1005aeb51d6d728856e642e2d4c91a8
Link:
https://www.unpac.me/results/7da3dcd2-8bc0-4144-a54a-57a0128194d9/
SH256 hash:
61436285b70355a6e0239c982c9b4a12cf2061c5b9c1eb2f4ff97133c549e891
MD5 hash:
e2dbac77468e891411fd826051cd0940
SHA1 hash:
54515df21f15588e90e271e0940c40d725320033
Link:
https://www.unpac.me/results/7da3dcd2-8bc0-4144-a54a-57a0128194d9/
Malware family:
SmokeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/61436285b703/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/335343/
  
URLhaus
https://urlhaus.abuse.ch/url/2422681/

Comments