MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e7c2890227d1b9441cacad8f01d2e5519094f7886f2477377aa5e2989f75f0f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 14


Intelligence 14 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e7c2890227d1b9441cacad8f01d2e5519094f7886f2477377aa5e2989f75f0f
SHA3-384 hash: 8c92de404a42952339d9de7ff3f0e359e0187f5824bec2b9f34c94df12d36c42ecd25ad101dcb91ef764b59991080930
SHA1 hash: 74d4dae484e589d43eb1ebb86f28cf545b6391f5
MD5 hash: 99404d638e22e6cd63226c2813467378
humanhash: nevada-avocado-island-mars
File name:file
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:235'008 bytes
First seen:2023-06-23 19:40:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c8681af63c4b3bc7041fe674efea6dd2 (2 x LgoogLoader, 1 x CobaltStrike)
ssdeep 3072:/eB7gI4HKm/lgYs+41whCinuHXp9NEOqr41TY6INx8WrW5BXDTu:/ehgIo1nB7nKNqc1TY/L8W6zvu
Threatray 150 similar samples on MalwareBazaar
TLSH T1C634D0217ECC80B2C4AA1A34547E8A665A7D7A313730C6477BB8426DDB50BF0D23B797
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 7174747171717171 (3 x LgoogLoader)
Reporter andretavare5
Tags:exe LgoogLoader


Avatar
andretavare5
Sample downloaded from http://85.217.144.228/files/AAAd.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
339
Origin country :
US US
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2023-06-23 19:40:59 UTC
Tags:
opendir loader redline rat
Link:
https://app.any.run/tasks/c0bfc2ca-069a-453d-be46-80461428abae

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/402290/
Detection(s):
SecuriteInfo.com.Trojan.DownLoad4.15603.12294.25759.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware keylogger lolbin packed shell32.dll
Link:
https://www.filescan.io/uploads/6495f54dee55f1e1b4b4f3c5/reports/6253f2f0-4f42-4b92-a576-bd84d0607788/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/8e7c2890227d1b9441cacad8f01d2e5519094f7886f2477377aa5e2989f75f0f
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/679b3c2f-708c-4792-83d4-556288cceb82
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1260755
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contain functionality to detect virtual machines
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Machine Learning detection for sample
PE file has nameless sections
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e7c2890227d1b9441cacad8f01d2e5519094f7886f2477377aa5e2989f75f0f/
Threat name:
Win32.Trojan.Privateloader
Create hunting rule
Status:
Malicious
First seen:
2023-06-23 19:41:05 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rz6crebcpunziqokzlmpahjokumqst3yq3zeo43xvjpctcpxl4hq._file
Verdict:
malicious
Similar samples:
2e128ec938bbb7fc4c2c9444ad21ffe9e2dee5fdc74ec9bf91d9663df77c49d4
LgoogLoader
4aba54c660a656f5bb5b75ea11029217bdf96c931c21d1143042ac3278ac6e43
LgoogLoader
4ae50705d897b5c7a148bfe6241b8c1e50d8bd836ea1af326264128d58ced7c7
LgoogLoader
51bca1340951634cd5bdb488290a162c521945fb0cf52c360b9420c8a3cfd9e4
LgoogLoader
5e445100682a5982df3301b2631e3be0d503df870175d50cf0faa3e374e742fd
LgoogLoader
6b6fb52a435554c131a8d186a61c0c199964c0e4a8a0c4d173bfe5b0e7543578
LgoogLoader
8391de874c21ac03bf02c2e6fa7feabc06b2421df1ca6820cc38ad911b060937
LgoogLoader
d06bf8cf6f3e3c5869453c9e444d66390f2c2ddec8d8ebe6cec0207a368d31f3
LgoogLoader
+ 140 additional samples on MalwareBazaar
Result
Malware family:
lgoogloader
Create hunting rule
Score:
  10/10
Tags:
family:lgoogloader downloader
Link:
https://tria.ge/reports/230623-yd3b8shh8x/
Behaviour
Detects LgoogLoader payload
LgoogLoader
Unpacked files
SH256 hash:
ef4ed17c2f46b57b6470a47db17d39df2fbe98941900a9ebd29dea73f3cf4973
MD5 hash:
6ed817065f8aaf998489b7060823d58b
SHA1 hash:
7d9e712a099f841e50db6869fc988d11aac398ed
Link:
https://www.unpac.me/results/02f977dd-c459-48e4-88a8-9344f98d2d0a/
SH256 hash:
ceb192ff08bda7b4cb12d2f55806be2e5038e0701a8304dc210e9348a4d50b34
MD5 hash:
2b1c72b8354a9ce3204548c7cb0fc24e
SHA1 hash:
7790b7ade96afde27a5c1887394891932b5780e6
Link:
https://www.unpac.me/results/02f977dd-c459-48e4-88a8-9344f98d2d0a/
SH256 hash:
8e7c2890227d1b9441cacad8f01d2e5519094f7886f2477377aa5e2989f75f0f
MD5 hash:
99404d638e22e6cd63226c2813467378
SHA1 hash:
74d4dae484e589d43eb1ebb86f28cf545b6391f5
Link:
https://www.unpac.me/results/02f977dd-c459-48e4-88a8-9344f98d2d0a/
Malware family:
RedLine.E
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/8e7c2890227d/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8e7c2890227d1b9441cacad8f01d2e5519094f7886f2477377aa5e2989f75f0f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by
Cape
Cape
https://www.capesandbox.com/analysis/402290/

Comments