General
-
Target
b3bab1d09ce9738f8bcf2c838086eaf628715df4fe99ef26c7c85b6e9b9a6443
-
Size
1.9MB
-
Sample
241205-tb8zsaxmdn
-
MD5
82d1397fb388fe6e4b7c66b0ae4bdbe4
-
SHA1
d979b5399d577b53b63b428c4a35abd30d6cc9de
-
SHA256
b3bab1d09ce9738f8bcf2c838086eaf628715df4fe99ef26c7c85b6e9b9a6443
-
SHA512
47de07a2595067569a1ded7dd330f81817334d9442997cf25af977ecac04df5827d4475145cca0f8cf457002d147bed789cc2fc24d275fcff129d14a41b0531a
-
SSDEEP
24576:mIPfh5ny0qcJlPZ9zeoaIa8OtKCzgqf7K2GWvFj4O3VOSk7+FXSeWHG4c10VADA7:mafh5YiEoaVOqf7GsBxreHGU+n8I4+X
Malware Config
Extracted
gcleaner
92.63.197.221
45.91.200.135
Targets
-
-
Target
b3bab1d09ce9738f8bcf2c838086eaf628715df4fe99ef26c7c85b6e9b9a6443
-
Size
1.9MB
-
MD5
82d1397fb388fe6e4b7c66b0ae4bdbe4
-
SHA1
d979b5399d577b53b63b428c4a35abd30d6cc9de
-
SHA256
b3bab1d09ce9738f8bcf2c838086eaf628715df4fe99ef26c7c85b6e9b9a6443
-
SHA512
47de07a2595067569a1ded7dd330f81817334d9442997cf25af977ecac04df5827d4475145cca0f8cf457002d147bed789cc2fc24d275fcff129d14a41b0531a
-
SSDEEP
24576:mIPfh5ny0qcJlPZ9zeoaIa8OtKCzgqf7K2GWvFj4O3VOSk7+FXSeWHG4c10VADA7:mafh5YiEoaVOqf7GsBxreHGU+n8I4+X
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-