MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae5bf7d05d5714bf2758fd5c127f405de0c02223643a22279bcbf03fb648cd2d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LgoogLoader


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ae5bf7d05d5714bf2758fd5c127f405de0c02223643a22279bcbf03fb648cd2d
SHA3-384 hash: 6ed99d18c92165aa9d4c8dad23d82d3a5f8e07b9fe8a4ab2b33ac32cca7ed00bc6528d992e3c90f9bd48528facdbfd92
SHA1 hash: b3d276a972f6ed0805fe339624e68b2845d3154c
MD5 hash: 79b79167999cd38863c16ba5de372081
humanhash: kitten-pennsylvania-lion-maine
File name:79b79167999cd38863c16ba5de372081.exe
Download: download sample
Signature LgoogLoader
Create hunting rule
File size:551'936 bytes
First seen:2023-07-24 15:28:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:4IgQ0KaWFEEHXSz/yUToiGBYn4sBcL005M14p0UgQkDbm7PH/:4IgLK1FqnToiUYn4s0Sg0UsDbg//
Threatray 8 similar samples on MalwareBazaar
TLSH T1D0C4DDE9514AF073C3278F7B16B45D0525F10D6BD3EB9AAFFA0819F2195EE92C600B60
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:exe LgoogLoader

Intelligence

File Origin
# of uploads :
1
# of downloads :
273
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/431258/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.68306964.25789.11431.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Creating a file
Sending a custom TCP request
Unauthorized injection to a system process
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/ae5bf7d05d5714bf2758fd5c127f405de0c02223643a22279bcbf03fb648cd2d
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
NetWalker Ransomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ff5f5b7d-d524-40f5-acc4-a0a539b66138
Result
Threat name:
lgoogLoader
Create hunting rule
Detection:
malicious
Classification:
troj.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1278634
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Antivirus detection for URL or domain
Contain functionality to detect virtual machines
Contains functionality to infect the boot sector
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected AntiVM3
Yara detected Costura Assembly Loader
Yara detected lgoogLoader
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ae5bf7d05d5714bf2758fd5c127f405de0c02223643a22279bcbf03fb648cd2d/
Threat name:
Win64.Trojan.Lgoogloader
Create hunting rule
Status:
Malicious
First seen:
2023-07-23 04:18:19 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
17 of 38 (44.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vzn7puc5k4kl6j2y7vobe72alxqmairdmq5cej43zpyd7nsizuwq._file
Verdict:
malicious
Similar samples:
2471e14de265a1cc39ea6030cec91bc81960aebcb02d50e0e59cb31fc55552e6
LgoogLoader
24e365e6ec99a774571ec4d93960c3896bbb987f43badd26406de8faa79b7211
LgoogLoader
2b8cd7175430c7efadb5156b883b63cbbd179579ee58dccb27efc68c22cdc819
LgoogLoader
67349de16fcd49c2df92647f3c27f5ef96506676261409e37da49c6ac5238435
LgoogLoader
8101d65f0f12946bd742b2b7513075ea485e3134258032252bef1938ac3cd3cd
LgoogLoader
97998689dcca7f8fac116a458168c2e7575f6442ef68e4729543799d07ccd849
LgoogLoader
a2d2a62835ec13260cc35eb5773e32b5205adf74c8dac852e614f6034c634309
LgoogLoader
f5c8ba20e455c2932d230c67583a09ddf63cc0b65e3c1cd3b0382eca083c9ee5
LgoogLoader
Result
Malware family:
lgoogloader
Create hunting rule
Score:
  10/10
Tags:
family:lgoogloader downloader
Link:
https://tria.ge/reports/230724-swxa2sfd6z/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Detects LgoogLoader payload
LgoogLoader
Unpacked files
SH256 hash:
ae5bf7d05d5714bf2758fd5c127f405de0c02223643a22279bcbf03fb648cd2d
MD5 hash:
79b79167999cd38863c16ba5de372081
SHA1 hash:
b3d276a972f6ed0805fe339624e68b2845d3154c
Link:
https://www.unpac.me/results/4d81d664-9efc-4011-934a-717d5a2e401d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.95
Link:
https://yomi.yoroi.company/submissions/ae5bf7d05d5714bf2758fd5c127f405de0c02223643a22279bcbf03fb648cd2d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

LgoogLoader

Executable exe ae5bf7d05d5714bf2758fd5c127f405de0c02223643a22279bcbf03fb648cd2d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2681797/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/431258/

Comments