General
-
Target
c4a071a267dabdb052c37972911874070424f210cd7f3aa6e33cf4e08efbd87d
-
Size
1.9MB
-
Sample
241205-s5zsjaxjep
-
MD5
972aeaccbec56da479e178a53d3b24ff
-
SHA1
af7d676bf5c59c2ac6cfaaaaad067ed34090e675
-
SHA256
c4a071a267dabdb052c37972911874070424f210cd7f3aa6e33cf4e08efbd87d
-
SHA512
53599df300461312f499a4c8ef303724d74417b5d26a9cf189a35dcf6a76d0aa686c8341af6e50c35182d769c2223407cf9076878fbaf52e0f6c2933dff319e1
-
SSDEEP
49152:v3vSAMDPdFsFXqhfMs9pUhC0JoRhXApc3HtA:PvSLFOqhfxpWC0pG3NA
Malware Config
Extracted
gcleaner
92.63.197.221
45.91.200.135
Targets
-
-
Target
c4a071a267dabdb052c37972911874070424f210cd7f3aa6e33cf4e08efbd87d
-
Size
1.9MB
-
MD5
972aeaccbec56da479e178a53d3b24ff
-
SHA1
af7d676bf5c59c2ac6cfaaaaad067ed34090e675
-
SHA256
c4a071a267dabdb052c37972911874070424f210cd7f3aa6e33cf4e08efbd87d
-
SHA512
53599df300461312f499a4c8ef303724d74417b5d26a9cf189a35dcf6a76d0aa686c8341af6e50c35182d769c2223407cf9076878fbaf52e0f6c2933dff319e1
-
SSDEEP
49152:v3vSAMDPdFsFXqhfMs9pUhC0JoRhXApc3HtA:PvSLFOqhfxpWC0pG3NA
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-