MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89129a297232b33e9caa53adbd927bffa9a6e1a2905f21e01b17f4fd374a2c27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 89129a297232b33e9caa53adbd927bffa9a6e1a2905f21e01b17f4fd374a2c27
SHA3-384 hash: ddf68bbaa1f623245a33df856f59e1d8a122ed9d2be184256790c9a48712d5eab69e8e4760401d1ac7cd54945bcb99fd
SHA1 hash: bb329f21fbdfa6f3ed87157b029f563b3b686f89
MD5 hash: 98b3e8f6b9bbcf8858d86440fe56132e
humanhash: uncle-india-fanta-kitten
File name:file
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:2'016'664 bytes
First seen:2022-11-15 21:25:32 UTC
Last seen:2023-08-26 22:05:34 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b128da42edc801068b5469911b24a324 (3 x lgoogLoader, 1 x RemcosRAT, 1 x RedLineStealer)
ssdeep 49152:vyXcGBw0VkWQKcY6aHxht3N2qohGfI8ouw76ts:Uu0VkWgY6aHxHkMI8ouG6C
Threatray 169 similar samples on MalwareBazaar
TLSH T1F895F1E17E62B6C4C636E47218F6A32119D3EEACF4C11421F0421B653E4EFD6F984AE5
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon f68b8fb3b3b382fe (1 x LgoogLoader)
Reporter jstrosch
Tags:exe LgoogLoader signed

Code Signing Certificate

Organisation:4ever.com
Issuer:R3
Algorithm:sha256WithRSAEncryption
Valid from:2022-10-11T09:40:24Z
Valid to:2023-01-09T09:40:23Z
Serial number: 047d80a5afe23c26f01674b5d4a01fb6c4d0
Intelligence: 5 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: acb089e1c15132ca89b63aa88ffd8d5b6332fdc61d4efe019a5d3a3d464ac5ad
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
206
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2022-11-15 21:27:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d9b4d273-2911-4da8-89d7-d9f02452fce6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/334515/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.63563865.30295.5425.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware overlay packed raccoon
Link:
https://www.filescan.io/uploads/637403ec07c3f5e84a015464/reports/d1e9a64c-6713-46f9-8601-9bdd7f5182a7/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cafaee30-1b15-4526-8053-7a91685c6c23
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1114299
Signature
Allocates memory in foreign processes
Contain functionality to detect virtual machines
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/89129a297232b33e9caa53adbd927bffa9a6e1a2905f21e01b17f4fd374a2c27/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-11-10 21:46:31 UTC
File Type:
PE (Exe)
Extracted files:
27
AV detection:
18 of 40 (45.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rejjuklsgkzt5hfkkow33et376u2nyncsbpsdya3c72p2n2kfqtq._file
Verdict:
malicious
Similar samples:
1d368cab5447757738b62e47b109e05df74e206884c14572ff5179be1b02d4ef
LgoogLoader
38f04820d11d14a63b75ecf5d8313c2c4fc039563d4ceeb7c6a4ca557d9fab33
LgoogLoader
47999d24a62260aceac07d042e065e8000173124ca9b8d13ac2516338b5cd282
LgoogLoader
7f6aff9bfba1f2b99f44bf234b63b2bbdd9f56accff33e1a258dc229050beb22
LgoogLoader
c84bbfce14fdc65c6e738ce1196d40066c87e58f443e23266d3b9e542b8a583e
LgoogLoader
cb5e0fe4cb4e9950b51042471b67b3bf9f8dcba4f201b1053ba69cb1ac9b54b2
LgoogLoader
+ 159 additional samples on MalwareBazaar
Result
Malware family:
lgoogloader
Create hunting rule
Score:
  10/10
Tags:
family:lgoogloader downloader
Link:
https://tria.ge/reports/221115-z966qsbg9s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Detects LgoogLoader payload
LgoogLoader
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/6b6dd954-799c-4036-8d06-ab6fda328b42
Unpacked files
SH256 hash:
de589da0efb5690fb6940be38541f6ff5598af15c471949e1f3d98722c2c8b2c
MD5 hash:
e89125960499f6c747d0f44f2f4a0fd3
SHA1 hash:
8476b21c531d88dc74d3ea5c9dc7013bd0dcc059
Link:
https://www.unpac.me/results/1cb1abd2-4ff1-4b5e-b217-407b17a9a3d8/
SH256 hash:
b6d1c57d2db2548ea1917618727727d278e70f195b8143aa1d529164c28327fd
MD5 hash:
bfcc06074f9ee5669d4626b8eb73e685
SHA1 hash:
ecf65234ad2257783eba6f908e9157aede13756d
Link:
https://www.unpac.me/results/1cb1abd2-4ff1-4b5e-b217-407b17a9a3d8/
SH256 hash:
89129a297232b33e9caa53adbd927bffa9a6e1a2905f21e01b17f4fd374a2c27
MD5 hash:
98b3e8f6b9bbcf8858d86440fe56132e
SHA1 hash:
bb329f21fbdfa6f3ed87157b029f563b3b686f89
Link:
https://www.unpac.me/results/1cb1abd2-4ff1-4b5e-b217-407b17a9a3d8/
Malware family:
SmokeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/89129a297232/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.87
Link:
https://yomi.yoroi.company/submissions/89129a297232b33e9caa53adbd927bffa9a6e1a2905f21e01b17f4fd374a2c27

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LgoogLoader

Executable exe 89129a297232b33e9caa53adbd927bffa9a6e1a2905f21e01b17f4fd374a2c27

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/334515/
  
URLhaus
https://urlhaus.abuse.ch/url/2414154/

Comments