MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9cf94b955a86e0b13a101d42518e0aa355aab0784f157b1288808e0119291127. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9cf94b955a86e0b13a101d42518e0aa355aab0784f157b1288808e0119291127
SHA3-384 hash: 5853408d65c3c444ab4e0814b49fe756fc3031b66df52da106c4cfe1fd33a6d64da3d67730117280c6f09b2e35f8356d
SHA1 hash: ab6409e36fff5376c50ceb2179499ed200837850
MD5 hash: 6133900085009a3a44e208d8a1876576
humanhash: early-alaska-alpha-maine
File name:6133900085009a3a44e208d8a1876576.exe
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:1'286'160 bytes
First seen:2022-11-27 17:18:24 UTC
Last seen:2022-11-27 18:32:02 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f2a7669845a558af78441959111ad23e (2 x LgoogLoader, 1 x RedLineStealer, 1 x ArkeiStealer)
ssdeep 24576:a1mj0nnnnnnnnnnnnnp7aExfBjvsmPBPZPBv71Iob3czAhCGM2sP4snQns5nHnmZ:Cmj0nnnnnnnnnnnnnbxBP9nsMCRTP/nm
Threatray 120 similar samples on MalwareBazaar
TLSH T1BD55D0D20002F662D52DEFF9A98A4F3062D19CD57CF1C45749B43A7B2E7817E0BA52E8
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 30ccccccb466f0ce (1 x LgoogLoader)
Reporter abuse_ch
Tags:exe LgoogLoader signed

Code Signing Certificate

Organisation:*.fishers.net
Issuer:Encryption Everywhere DV TLS CA - G1
Algorithm:sha256WithRSAEncryption
Valid from:2022-08-27T00:00:00Z
Valid to:2023-09-09T23:59:59Z
Serial number: 04ced40beb2c799135712b0c293c2755
Intelligence: 3 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: fc4c908511db032b37aebea504e3034f633b4f4c1804544c9f8d4b6083f0bbb3
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
190
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6133900085009a3a44e208d8a1876576.exe
Verdict:
Malicious activity
Analysis date:
2022-11-27 17:19:50 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bfc57b6a-302c-45bf-8c50-29f44cd89851

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/339114/
Detection(s):
SecuriteInfo.com.Win32.CrypterX-gen.23431.4922.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Launching a process
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %temp% directory
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay packed
Link:
https://www.filescan.io/uploads/63839c0894f9bac087b38715/reports/d9ea6d9a-3818-47e4-9a83-e4ef6c90ca5e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/eea66bb1-a25e-49d2-aee9-ff810abec6bc
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1122009
Signature
Allocates memory in foreign processes
Antivirus detection for URL or domain
Contain functionality to detect virtual machines
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Yara detected lgoogLoader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9cf94b955a86e0b13a101d42518e0aa355aab0784f157b1288808e0119291127/
Threat name:
Win32.Spyware.RedLine
Create hunting rule
Status:
Malicious
First seen:
2022-11-26 23:55:42 UTC
File Type:
PE (Exe)
Extracted files:
7
AV detection:
18 of 40 (45.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tt4uxfk2q3qlcoqqdvbfddqkunk2vmdyj4kxweuiqchacgjjcetq._file
Verdict:
malicious
Similar samples:
4f1f7b8e2fc6d9fb748e37d981d6e6cb9e5de29eab70eda27189da4e86bc8c88
LgoogLoader
6aa8c7811e02d48797f51fd635e97060112122222638a725306ba6b690f691d1
LgoogLoader
76ceea32c047b1b705dc7c4dd5e077d8d95061eade40ef8ddf53b269151cfb3f
LgoogLoader
78f4cb6ed265c721890f28d96e33ce8b2defae0d8c71eaafbbc75199ca270d23
LgoogLoader
a48d0a440c75cc77f43f8639b282d5ff22d5ada4da08f7687f8bb1e64ab730fe
LgoogLoader
be7096119b86de54f3a82c8059e372396169c30d2300d4ec768f4065e4b1b9a7
LgoogLoader
d66e9a4ad9b98c270c0b6ef1ab205ab8b3de44d42c694893570e6a7f4cfd8560
LgoogLoader
e806601047d5a080ababc1274c39cd1916583124166b985ca65b08f0a0e6feea
LgoogLoader
f2f2fa1f2bfab812eb154d51fa5d22b303639f8a74442b9ef14e4be678fad1ee
LgoogLoader
+ 110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/221127-vvt6eahf71/
Behaviour
Suspicious behavior: EnumeratesProcesses
Program crash
Gathering data
Unpacked files
SH256 hash:
d0a6fb2ee8a250c4d7ec876dcac0541b38a41f7e688e5c05467c7f6d375f69aa
MD5 hash:
e56d93f568a7ff95f9c01eb8cac4c728
SHA1 hash:
376b79e62f1fe01b91ccff42ab5257debdea8193
Link:
https://www.unpac.me/results/da6fddb2-8a85-485e-a621-756b190d24c3/
SH256 hash:
9cf94b955a86e0b13a101d42518e0aa355aab0784f157b1288808e0119291127
MD5 hash:
6133900085009a3a44e208d8a1876576
SHA1 hash:
ab6409e36fff5376c50ceb2179499ed200837850
Link:
https://www.unpac.me/results/da6fddb2-8a85-485e-a621-756b190d24c3/
Malware family:
SmokeLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/9cf94b955a86/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.76
Link:
https://yomi.yoroi.company/submissions/9cf94b955a86e0b13a101d42518e0aa355aab0784f157b1288808e0119291127

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LgoogLoader

Executable exe 9cf94b955a86e0b13a101d42518e0aa355aab0784f157b1288808e0119291127

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2431510/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/339114/

Comments