General
-
Target
trainerv_7VxI5OpA.exe
-
Size
4.3MB
-
Sample
230406-tvalbsdh37
-
MD5
3a0c3723ddc9efd1b7d584e10312576b
-
SHA1
c695283f4205420f3d9812a6c4b7eb1f4b484063
-
SHA256
f3dbe218bac2da1fabff8364428a0548f03e2c93442082d2c0ed1b2686040e32
-
SHA512
b6a645802e9b90e6a0eda5e40e7b48dea2c80c76f59640b50c27c72e78115e31fd161ab98401740a0404382dddcf4d543ff99746bd68363dac61817a3e54e0d2
-
SSDEEP
98304:QcPNiPea8mdie9Ohxt1rqaAA6YHxkjWvCK90w4LlY/+IbFEmFusXct:xNiPezmdie9MxtgdA6YHuWvB90wklq+V
Malware Config
Extracted
gcleaner
85.31.45.39
85.31.45.250
85.31.45.251
85.31.45.88
Targets
-
-
Target
trainerv_7VxI5OpA.exe
-
Size
4.3MB
-
MD5
3a0c3723ddc9efd1b7d584e10312576b
-
SHA1
c695283f4205420f3d9812a6c4b7eb1f4b484063
-
SHA256
f3dbe218bac2da1fabff8364428a0548f03e2c93442082d2c0ed1b2686040e32
-
SHA512
b6a645802e9b90e6a0eda5e40e7b48dea2c80c76f59640b50c27c72e78115e31fd161ab98401740a0404382dddcf4d543ff99746bd68363dac61817a3e54e0d2
-
SSDEEP
98304:QcPNiPea8mdie9Ohxt1rqaAA6YHxkjWvCK90w4LlY/+IbFEmFusXct:xNiPezmdie9MxtgdA6YHuWvB90wklq+V
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory
-