MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8391de874c21ac03bf02c2e6fa7feabc06b2421df1ca6820cc38ad911b060937. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8391de874c21ac03bf02c2e6fa7feabc06b2421df1ca6820cc38ad911b060937
SHA3-384 hash: 10bdc9e8ae6509fe2520636494fe943a42ca082f47f59b3f8038cec725be83166fe2058d1a06dc6a5f17b91e0617fd30
SHA1 hash: 01b96b31410af3c3e78f445c328e77b6df15efbe
MD5 hash: b0e9d73b088bba7ae904f293e8a13c55
humanhash: michigan-florida-neptune-venus
File name:file
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:1'487'336 bytes
First seen:2022-11-19 09:13:56 UTC
Last seen:2022-11-19 16:18:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c87c269684dd62d98968492b86dd710d (3 x RedLineStealer, 1 x LgoogLoader)
ssdeep 24576:JPjoBjKAMOOSAAZTkbTQIrq3sUGPEyle8a+9CXkRKsHg+NslXiaaJnjtP0kibyPa:Vjot2dWTaIb6lle8l9CXkRKsHg+NQCnq
Threatray 41 similar samples on MalwareBazaar
TLSH T1F665F1A0F9F30776CAD35739353366AE07BA901E52AB851359C5E3F71E10BE7968C280
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 90c0e2e0acfc38b6 (1 x LgoogLoader)
Reporter andretavare5
Tags:exe LgoogLoader signed

Code Signing Certificate

Organisation:unsplash.com
Issuer:GlobalSign Atlas R3 DV TLS CA 2022 Q3
Algorithm:sha256WithRSAEncryption
Valid from:2022-09-27T17:42:11Z
Valid to:2023-10-29T17:42:10Z
Serial number: 01465bca7b3eec596fea1a5d7c285934
Intelligence: 4 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: d57613be35b14815bfe0b73b79a996f04043f2aba4d614a36f49968778d35a79
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
andretavare5
Sample downloaded from https://myfileexe.s3.ap-northeast-3.amazonaws.com/hhgh.exe

Intelligence

File Origin
# of uploads :
10
# of downloads :
191
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2022-11-19 09:17:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5a9ef935-2552-4951-8dc4-2bb03073687d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/336072/
Detection(s):
SecuriteInfo.com.Variant.Jaik.104481.795.25546.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Creating a window
DNS request
Launching a process
Sending an HTTP GET request
Creating a file in the %temp% directory
Forced shutdown of a system process
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/63789e5d6fda73cab64e7bc2/reports/ea0ddaf1-30c3-4750-bff0-0013fe6099bc/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Mustang Panda
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/95e27592-ab59-4b7d-a59a-83970276d88c
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1117082
Signature
Allocates memory in foreign processes
Antivirus detection for URL or domain
Contain functionality to detect virtual machines
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Opens the same file many times (likely Sandbox evasion)
Writes to foreign memory regions
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8391de874c21ac03bf02c2e6fa7feabc06b2421df1ca6820cc38ad911b060937/
Threat name:
Win32.Trojan.Privateloader
Create hunting rule
Status:
Suspicious
First seen:
2022-11-19 09:14:11 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qoi55b2megwahpycyltpu77kxqdleqq56hfgqigmhcwzcgygbe3q._file
Verdict:
malicious
Similar samples:
44192d53830cd0b58bd4c3213649104f23f5c5cb2d4f1168d2d07654e841b907
LgoogLoader
4bca267476a6f4389ff2b2b96b5d050e822295f1b9c6fb53888bfe5528febe60
LgoogLoader
61436285b70355a6e0239c982c9b4a12cf2061c5b9c1eb2f4ff97133c549e891
LgoogLoader
7b9c1aa81aef60c0b403ff3859fc4c6be0b48fb56e1a4456f42ed0da84941993
LgoogLoader
7e20c52b5f40ae6bdfaa67996aa35a93c3ff1e1a197ba6b582fac1555af6d0f9
LgoogLoader
89129a297232b33e9caa53adbd927bffa9a6e1a2905f21e01b17f4fd374a2c27
LgoogLoader
ba4fb2a15fa8baf942cdb9bddc882288290dbb6663b701b67e9ae48c85d362cb
LgoogLoader
be7096119b86de54f3a82c8059e372396169c30d2300d4ec768f4065e4b1b9a7
LgoogLoader
e1c911c9ca01ebd5d0293caf5662277d251276dfaf1dcdb3dc581718ad319330
LgoogLoader
+ 31 additional samples on MalwareBazaar
Result
Malware family:
lgoogloader
Create hunting rule
Score:
  10/10
Tags:
family:lgoogloader downloader
Link:
https://tria.ge/reports/221119-k7a8yshe6y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Detects LgoogLoader payload
LgoogLoader
Verdict:
Informative
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/a04d09b0-0996-4836-90f9-324d4edebc5a
Unpacked files
SH256 hash:
00a6d3e34b0d2787745b99c9648961e098ad4a644ae292fbf520afe0dda4413f
MD5 hash:
5835c456323af3ae01956018b0cf56a8
SHA1 hash:
b54f900cf0cc5b06bf498fed4eddb25b8dda5bab
Link:
https://www.unpac.me/results/52584c1f-1115-4b72-b76c-b4857ff229f7/
SH256 hash:
8391de874c21ac03bf02c2e6fa7feabc06b2421df1ca6820cc38ad911b060937
MD5 hash:
b0e9d73b088bba7ae904f293e8a13c55
SHA1 hash:
01b96b31410af3c3e78f445c328e77b6df15efbe
Link:
https://www.unpac.me/results/52584c1f-1115-4b72-b76c-b4857ff229f7/
Malware family:
SmokeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/8391de874c21/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/336072/
  
URLhaus
https://urlhaus.abuse.ch/url/2426681/

Comments