General
-
Target
HZTD6_file.exe
-
Size
1.9MB
-
Sample
241205-qtraxawqas
-
MD5
6d00ea43be88c32392e2a3b543d0a1f4
-
SHA1
1dfb0cb50425d6bf72467ae0894d614f26f0b987
-
SHA256
747ebc458a95ab80f371b899d4b6e54eaefba46bf5343ae39eeeafba61ba8365
-
SHA512
f111a1b9812891d9ddda571e798545743ff9628bcf2c258a9fcb34a89b3d5286a2882d9d635c16062d974aac4d11904ac95fcbb45ecce38aa0e314cba7e7bbbf
-
SSDEEP
49152:pY9YsiY2og7Wr/znAtoH26PfSWP57CoFm0bt+cgPqK:C9Y5NoeozAts2GfJJ0KK
Static task
static1
Behavioral task
behavioral1
Sample
HZTD6_file.exe
Resource
win7-20240903-en
Malware Config
Extracted
gcleaner
92.63.197.221
45.91.200.135
Targets
-
-
Target
HZTD6_file.exe
-
Size
1.9MB
-
MD5
6d00ea43be88c32392e2a3b543d0a1f4
-
SHA1
1dfb0cb50425d6bf72467ae0894d614f26f0b987
-
SHA256
747ebc458a95ab80f371b899d4b6e54eaefba46bf5343ae39eeeafba61ba8365
-
SHA512
f111a1b9812891d9ddda571e798545743ff9628bcf2c258a9fcb34a89b3d5286a2882d9d635c16062d974aac4d11904ac95fcbb45ecce38aa0e314cba7e7bbbf
-
SSDEEP
49152:pY9YsiY2og7Wr/znAtoH26PfSWP57CoFm0bt+cgPqK:C9Y5NoeozAts2GfJJ0KK
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-