General
- Target: trainerv_pm8uqF2s.exe
- Size: 4.4MB
- Sample: 230409-a9y3pagb72
- MD5: 6f524c76cb5d9c19471ac009dcd35824
- SHA1: 9cca8e497ef5f9b78b7f61809e7cc2111dd45491
- SHA256: 010a016be2c9465499525b99a118e8f6683ca2c5826f534137892bcb4ca4f256
- SHA512: 4e803ad966d2e1f6f50a56677d2530bf0d34876b19ef62ab7dbd74f316bd728e82fc5d7949d00b22dcf6e28f4fdd6ccac1858d89fa0801aaece0e53e40adb845
- SSDEEP: 98304:eVqNboisoqIf4BhfEJQtBzginZDJbdIZK+j9gC9858e7J:ooqrUQt2iZlsK6R858e7J
Static task
- static1
Malware Config
Extracted
- Family: gcleaner
- C2:
  85.31.45.39
  85.31.45.250
  85.31.45.251
  85.31.45.88
Targets
- Target: trainerv_pm8uqF2s.exe
- Size: 4.4MB
- MD5: 6f524c76cb5d9c19471ac009dcd35824
- SHA1: 9cca8e497ef5f9b78b7f61809e7cc2111dd45491
- SHA256: 010a016be2c9465499525b99a118e8f6683ca2c5826f534137892bcb4ca4f256
- SHA512: 4e803ad966d2e1f6f50a56677d2530bf0d34876b19ef62ab7dbd74f316bd728e82fc5d7949d00b22dcf6e28f4fdd6ccac1858d89fa0801aaece0e53e40adb845
- SSDEEP: 98304:eVqNboisoqIf4BhfEJQtBzginZDJbdIZK+j9gC9858e7J:ooqrUQt2iZlsK6R858e7J
Signatures
- Downloads MZ/PE file
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory