Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    241205-22ta1ssrcp

  • MD5

    89109257f23f068de9f04a3c59df2b15

  • SHA1

    03ea7063a9d7b54bcdea8f11a990e668d9346121

  • SHA256

    74567ee5c75fd4a34c44dc8c75e9f4ea1dcf3c60d6d3fff4e8d8526460e49b10

  • SHA512

    b3203b1dbbb28a8f0e69e067c9b48e6a930e05046674f3b7f82a76b4b2ff0f8535150ed46dddbe8421fe4ced283f9edf76e2d15f54c454d43771f4e350655f48

  • SSDEEP

    49152:588Le1e7TAHDbLkQGl2y29gJo0ak5oxXbW7WdAKV9O:6UGe7TAHDcv2b6Jolvym7VI

Score
10/10
gcleanerdiscoveryevasionloader

Malware Config

Extracted

Family

gcleaner

C2

92.63.197.221

45.91.200.135

Targets

    • Target

      file.exe

    • Size

      1.9MB

    • MD5

      89109257f23f068de9f04a3c59df2b15

    • SHA1

      03ea7063a9d7b54bcdea8f11a990e668d9346121

    • SHA256

      74567ee5c75fd4a34c44dc8c75e9f4ea1dcf3c60d6d3fff4e8d8526460e49b10

    • SHA512

      b3203b1dbbb28a8f0e69e067c9b48e6a930e05046674f3b7f82a76b4b2ff0f8535150ed46dddbe8421fe4ced283f9edf76e2d15f54c454d43771f4e350655f48

    • SSDEEP

      49152:588Le1e7TAHDbLkQGl2y29gJo0ak5oxXbW7WdAKV9O:6UGe7TAHDcv2b6Jolvym7VI

    Score
    10/10
    gcleanerdiscoveryevasionloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Gcleaner family

      gcleaner

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

      evasion

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks