MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1c911c9ca01ebd5d0293caf5662277d251276dfaf1dcdb3dc581718ad319330. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

lgoogLoader

Vendor detections: 13

SHA256 hash: e1c911c9ca01ebd5d0293caf5662277d251276dfaf1dcdb3dc581718ad319330
SHA3-384 hash: 5d673e719004dd0d8b7367efb464c4b4800643f4c738b07245f3bfe7cb2931e644f65a3b39f34f16adce411e78ff5245
SHA1 hash: 6ef72c792948700574ba89283e2340e7ff01cfbc
MD5 hash: ed6dbdf2398812d018cfe6e0def16206
humanhash: angel-alpha-gee-purple
File name: file
Signature: lgoogLoader
File size: 2'034'880 bytes
First seen: 2022-11-08 18:24:45 UTC
Last seen: 2023-08-26 22:05:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f1feeb9e7dee8c31856c4e424ba4c89b (3 x RedLineStealer, 2 x lgoogLoader, 1 x RemcosRAT)
ssdeep: 49152:lPCFPp7MYXdk2Btd8llPgvZvNA92nByW/lb6hPd1IZkKXwfzh:lkTdk2Btd8rkY+yW/lOhb7zh
Threatray: 18 similar samples on MalwareBazaar
TLSH: T1D195F1346F1031CFF01E33F99AA76EA15666825909B482D70ACF5B0D3F969F5EC9824C
TrID: 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
      16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
      10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
      7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 29968eccc8cccc15 (1 x lgoogLoader)
Reporter: andretavare5
Tags: exe LgoogLoader signed
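Before detonating or pivoting on a sample, confirm that the file on disk really is the object this entry describes (the entry records 52 uploads, so copies circulate under several names). The following is an added example, not part of the MalwareBazaar page or the reporter's submission: it recomputes the four digests listed above with the Python standard library, checks the byte length, and does a minimal MZ/PE signature check matching the "Executable exe" / "application/x-dosexec" file type. The function names, the ENTRY dictionary layout and the command-line usage are my own; the hash and size values are copied from the table above. ssdeep, TLSH and imphash are left out because they need third-party libraries.

```python
import hashlib
import struct
import sys

# Values copied from the MalwareBazaar entry above (size given there as 2'034'880 bytes).
ENTRY = {
    "sha256": "e1c911c9ca01ebd5d0293caf5662277d251276dfaf1dcdb3dc581718ad319330",
    "sha1": "6ef72c792948700574ba89283e2340e7ff01cfbc",
    "md5": "ed6dbdf2398812d018cfe6e0def16206",
    "sha3_384": "5d673e719004dd0d8b7367efb464c4b4800643f4c738b07245f3bfe7cb2931e644f65a3b39f34f16adce411e78ff5245",
    "size": 2034880,
}


def digests(data: bytes) -> dict:
    """Compute the digests MalwareBazaar lists for a sample, plus its byte length."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "size": len(data),
    }


def is_pe(data: bytes) -> bool:
    """Minimal check behind 'File type: Executable exe': an MZ DOS header whose
    e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def mismatches(actual: dict, entry: dict) -> list:
    """Names of the entry fields the computed values disagree with (empty means identical)."""
    return sorted(k for k, v in entry.items() if actual.get(k) != v)


def check_file(path: str, entry: dict = ENTRY) -> dict:
    """Hash a file on disk and compare it with a database entry."""
    with open(path, "rb") as fh:
        data = fh.read()
    actual = digests(data)
    return {"sha256": actual["sha256"], "is_pe": is_pe(data), "mismatches": mismatches(actual, entry)}


if __name__ == "__main__":
    # Usage (hypothetical path to the downloaded sample): python check_sample.py ./file
    print(check_file(sys.argv[1]))
```

An empty `mismatches` list plus `is_pe == True` means the bytes you hold are the bytes the vendors analysed; any SHA256 mismatch means you are looking at a different build and none of the verdicts below apply to it.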

Code Signing Certificate

Organisation: *.infinity.com
Issuer: Sectigo RSA Organization Validation Secure Server CA
Algorithm: sha256WithRSAEncryption
Valid from: 2022-08-22T00:00:00Z
Valid to: 2023-09-21T23:59:59Z
Serial number: 982bb3995415c1ce157998f0b036fccd
Intelligence: 7 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: 25a5278acd84018fb292d01807a8d461d3795437f7ff362e982bb2a55af9a6ce
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Note on the signer: the subject is a wildcard DNS name and the issuer is Sectigo's organisation-validated TLS intermediate, so the certificate in the signature is a web-server certificate, not one issued for code signing. Authenticode requires the Code Signing extended key usage on the signer, so Windows will not treat this signature as valid; the "signed" tag above only records that the PE carries a signature blob. The serial number and thumbprint remain useful pivots, since seven samples on MalwareBazaar share this certificate.


Comment by andretavare5:
Sample downloaded from http://85.31.44.208/files/Mp3studio.exe

Intelligence


File Origin
# of uploads: 52
# of downloads: 186
Origin country: n/a

Vendor Threat Intelligence

Result
Malware family: n/a
ID: 1
File name: file
Verdict: Suspicious activity
Analysis date: 2022-11-08 18:25:53 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Behaviour:
  Searching for the window
  Creating a window
  Launching a process
  Sending a custom TCP request
  Unauthorized injection to a system process
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
  MeasuringTime
  SystemUptime
  EvasionQueryPerformanceCounter
  CheckCmdLine
  EvasionGetTickCount
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware overlay packed
Result
Verdict: SUSPICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: lgoogLoader
Detection: malicious
Classification: troj.evad
Score: 68 / 100
Signature:
  Allocates memory in foreign processes
  Injects a PE file into a foreign processes
  Machine Learning detection for sample
  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
  Writes to foreign memory regions
  Yara detected lgoogLoader
Result
Threat name: Win32.Trojan.Privateloader
Status: Malicious
First seen: 2022-11-08 18:25:14 UTC
File type: PE (Exe)
Extracted files: 27
AV detection: 16 of 26 (61.54%)
Threat level: 5/5
Result
Malware family: lgoogloader
Score: 10/10
Tags: family:lgoogloader downloader
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of WriteProcessMemory
  Suspicious use of SetThreadContext
  Detects LgoogLoader payload
  LgoogLoader
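The injection findings reported by the vendors above (allocating and writing foreign memory, injecting a PE file, suspicious use of WriteProcessMemory and SetThreadContext) together with the timing-based evasion tags reported earlier (MeasuringTime, EvasionGetTickCount, EvasionQueryPerformanceCounter, "tries to detect sandboxes") describe two behaviours a detection engineer can match in an API trace rather than in a vendor's summary. The following is an added example, not code or data from MalwareBazaar or from any vendor quoted on this page: it parses a constructed API-call trace in an assumed `<ms> <pid> <api> key=value` format and flags (a) the process-hollowing chain, CreateProcess with CREATE_SUSPENDED followed by VirtualAllocEx, WriteProcessMemory, SetThreadContext and ResumeThread against the same child, and (b) clock reads on both sides of a Sleep, the sleep-acceleration check that produces the timing tags. The trace lines, PIDs, thread IDs and the target image name are invented for the example and are not observations from this sample.

```python
from collections import defaultdict

# Constructed sandbox API trace for the example (NOT an observation from this sample).
# Assumed line format: <ms> <pid> <api> key=value ...
TRACE = """\
0    4812 GetTickCount
1    4812 QueryPerformanceCounter
2    4812 Sleep ms=500
3    4812 GetTickCount
4    4812 QueryPerformanceCounter
10   4812 GetCommandLineW
20   4812 CreateProcessW image=C:\\Windows\\System32\\vbc.exe flags=0x4 pid=5120 tid=5124
21   4812 NtUnmapViewOfSection pid=5120
22   4812 VirtualAllocEx pid=5120 addr=0x400000 size=0x2f000 prot=0x40
23   4812 WriteProcessMemory pid=5120 addr=0x400000 size=0x200
24   4812 WriteProcessMemory pid=5120 addr=0x401000 size=0x2e000
25   4812 SetThreadContext tid=5124
26   4812 ResumeThread tid=5124
"""

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit the hollowing chain depends on
CLOCK_APIS = {"GetTickCount", "GetTickCount64", "QueryPerformanceCounter", "timeGetTime", "NtQuerySystemTime"}
ALLOC_APIS = {"VirtualAllocEx", "NtAllocateVirtualMemory"}
WRITE_APIS = {"WriteProcessMemory", "NtWriteVirtualMemory"}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread"}
RESUME_APIS = {"ResumeThread", "NtResumeThread"}


def parse_trace(text):
    """Turn the trace text into a list of {ts, pid, api, args} events."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, api, *kv = line.split()
        args = dict(item.split("=", 1) for item in kv)
        events.append({"ts": int(ts), "pid": int(pid), "api": api, "args": args})
    return events


def _num(value):
    """Parse a decimal or 0x-prefixed trace value; missing values count as 0."""
    return int(value, 0) if value else 0


def detect_hollowing(events):
    """Flag a parent that creates a child suspended, allocates and writes the child's memory,
    rewrites the child's primary thread context and resumes it: the process-hollowing chain."""
    findings = []
    children = {}  # (parent_pid, child_pid) -> {"tid", "image", "steps"}
    for ev in events:
        a, api = ev["args"], ev["api"]
        if api in ("CreateProcessW", "CreateProcessA") and _num(a.get("flags")) & CREATE_SUSPENDED:
            children[(ev["pid"], _num(a.get("pid")))] = {"tid": _num(a.get("tid")), "image": a.get("image"), "steps": set()}
            continue
        for (parent, child), st in children.items():
            if ev["pid"] != parent:
                continue
            if api in ALLOC_APIS and _num(a.get("pid")) == child:
                st["steps"].add("alloc")
            elif api in WRITE_APIS and _num(a.get("pid")) == child:
                st["steps"].add("write")
            elif api in CONTEXT_APIS and _num(a.get("tid")) == st["tid"]:
                st["steps"].add("context")
            elif api in RESUME_APIS and _num(a.get("tid")) == st["tid"] and st["steps"] >= {"alloc", "write", "context"}:
                findings.append({"parent": parent, "child": child, "image": st["image"]})
    return findings


def detect_timing_checks(events, window=4):
    """Flag clock reads on both sides of a Sleep within `window` calls of the same process:
    the sleep-acceleration check behind tags like EvasionGetTickCount / EvasionQueryPerformanceCounter."""
    findings = []
    by_pid = defaultdict(list)
    for ev in events:
        by_pid[ev["pid"]].append(ev)
    for pid, evs in by_pid.items():
        for i, ev in enumerate(evs):
            if ev["api"] not in ("Sleep", "SleepEx", "NtDelayExecution"):
                continue
            before = [e["api"] for e in evs[max(0, i - window):i] if e["api"] in CLOCK_APIS]
            after = [e["api"] for e in evs[i + 1:i + 1 + window] if e["api"] in CLOCK_APIS]
            if before and after:
                findings.append({"pid": pid, "ts": ev["ts"], "clocks": sorted(set(before + after))})
    return findings


def triage(text):
    """Run both detectors over a trace and return their findings."""
    events = parse_trace(text)
    return {"hollowing": detect_hollowing(events), "timing_checks": detect_timing_checks(events)}


if __name__ == "__main__":
    print(triage(TRACE))
```

Keying the hollowing chain on the child PID and the primary thread ID from the suspended CreateProcess call, rather than counting WriteProcessMemory calls, is what keeps debuggers, installers and EDR agents (which also write foreign memory) out of the findings; the timing detector is deliberately loose, because the check only needs to tell "accelerated sleep" from "real sleep", and that always shows up as a clock read before and after the delay.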
Unpacked files
SHA256 hash: d0be19607fb65be32263afbdb623708596e0defa3f11f0c9332ddaadbc9a0ffc
MD5 hash: 4cbc03afa177e889ad16022291288838
SHA1 hash: 5b2da7315e41de94cfa0687e43b3746ae5dd510d
SHA256 hash: cdd35f3024801e3f20a5809efa3d866356bb5f8eaee20a4c64788223f9d51243
MD5 hash: a82bf0ab99bd07797f931d6897332cf0
SHA1 hash: 8772027f160c6712ca0d3b82f07efa270aa26f2d
SHA256 hash: e1c911c9ca01ebd5d0293caf5662277d251276dfaf1dcdb3dc581718ad319330
MD5 hash: ed6dbdf2398812d018cfe6e0def16206
SHA1 hash: 6ef72c792948700574ba89283e2340e7ff01cfbc

Malware family: SmokeLoader
Verdict: Malicious

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Dropped by
PrivateLoader
  
Delivery method
Distributed via drive-by

Comments