MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 773c134b8adcacd6d1bece2afb10b997c913c79a8ac4f8e29e0b564be86d57f3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 773c134b8adcacd6d1bece2afb10b997c913c79a8ac4f8e29e0b564be86d57f3
SHA3-384 hash: 83d6bb11682bb8111deb85b151e2abb24c1dbb9e9d8c0673f755f1ba5fca657e6c87b92363191a6ed4c0b30038fc135d
SHA1 hash: f99870386624e5705ead6e1573372d60db48bc87
MD5 hash: 8b645f5e4c99ee9331bb00b2c055efbc
humanhash: enemy-foxtrot-stairway-oven
File name:file
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:2'939'392 bytes
First seen:2023-04-13 01:38:00 UTC
Last seen:2023-04-14 03:32:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 177b7c826f269248d022fa13968bad94 (1 x LgoogLoader)
ssdeep 49152:UMBg5fGxwjIuzOtmavKqUSQaXha41jQJejC4QitX5:6fGx+wVBfB1jCy
TLSH T16FD59E09D39109E4D15BCA34CA19CB33F3B1B9170730B7AB4AA6D6456F736A18F6F212
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter andretavare5
Tags:85-217-144-143 exe LgoogLoader


Avatar
andretavare5
Sample downloaded from http://85.217.144.143/files/123.exe

Intelligence

File Origin
# of uploads :
6
# of downloads :
357
Origin country :
US US
Vendor Threat Intelligence
Malware family:
smoke
Create hunting rule
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-04-13 01:38:19 UTC
Tags:
opendir loader smoke trojan gcleaner
Link:
https://app.any.run/tasks/054ff7b6-464f-4d87-8fe6-2e7d13222d6e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/381933/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
Sending a custom TCP request
Unauthorized injection to a system process
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/77696/overview
Behaviour
MalwareBazaar
CheckNumberOfProcessor
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
83%
Tags:
anti-debug greyware
Link:
https://www.filescan.io/uploads/64375cfb0530985b5cccd4bc/reports/0749335d-10df-4afe-b01e-b668d662036e/overview
Verdict:
Malicious
Labled as:
Win/grayware_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/773c134b8adcacd6d1bece2afb10b997c913c79a8ac4f8e29e0b564be86d57f3
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1d01b536-96db-4c75-8041-6853035a639e
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1212989
Signature
Allocates memory in foreign processes
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 845905 Sample: file.exe Startdate: 13/04/2023 Architecture: WINDOWS Score: 52 11 Yara detected lgoogLoader 2->11 6 file.exe 2->6         started        process3 signatures4 13 Allocates memory in foreign processes 6->13 9 InstallUtil.exe 6->9         started        process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/773c134b8adcacd6d1bece2afb10b997c913c79a8ac4f8e29e0b564be86d57f3/
Threat name:
Win64.Trojan.Privateloader
Create hunting rule
Status:
Suspicious
First seen:
2023-04-13 01:39:09 UTC
File Type:
PE+ (Exe)
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o46bgs4k3swnnun6zyvpwefzs7erhr42rlcpryu6bnlex2dnk7zq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230413-b2dx8ahh8y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Unpacked files
SH256 hash:
773c134b8adcacd6d1bece2afb10b997c913c79a8ac4f8e29e0b564be86d57f3
MD5 hash:
8b645f5e4c99ee9331bb00b2c055efbc
SHA1 hash:
f99870386624e5705ead6e1573372d60db48bc87
Link:
https://www.unpac.me/results/f018375c-ad98-4e6f-941e-e023358deb5d/
Malware family:
SmokeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/773c134b8adc/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/773c134b8adcacd6d1bece2afb10b997c913c79a8ac4f8e29e0b564be86d57f3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/381933/
  
URLhaus
https://urlhaus.abuse.ch/url/2605319/

Comments