gcleaner | 0d44012b093a25d5b64bf7712ea61b59034150d81a55f91c7587bb9e3ff5b726 | Triage

Sharing

General

Target

7f5a4d072a8a04f671be634f958fd98f.bin
Size

1.8MB
Sample

241206-byeqcaypej
MD5

35a644f38f88d97532c5a6e9b829b174
SHA1

4819182db3f4de75bacb3f602cce88cde795056e
SHA256

0d44012b093a25d5b64bf7712ea61b59034150d81a55f91c7587bb9e3ff5b726
SHA512

5d5abf9ce666f2d2b97bd6b6ae6a0ec6bbec6c9fc045e3afeefabfc65cb304255e191756eb1f0e66e95f6a4eded6be2ba791a41f0254e40cc5a395e0754b4e03
SSDEEP

49152:sjCwnvlle3RzY4xSs26apGm++pi9z71gkcxW21gNt:gtlizY4xGrGqMf1gBGt

Score

10^/10

gcleaner discovery evasion loader

Malware Config

Extracted

Family

gcleaner

C2

92.63.197.221

45.91.200.135

Targets

- Target
  
  a9e92705e50c5ee6795eb54011a4e1f68bdc6f15dd5effc25abf3cf7ea5c35fe.exe
- Size
  
  1.9MB
- MD5
  
  7f5a4d072a8a04f671be634f958fd98f
- SHA1
  
  ff8de037e06004e1728e6d699f1be00b9139d795
- SHA256
  
  a9e92705e50c5ee6795eb54011a4e1f68bdc6f15dd5effc25abf3cf7ea5c35fe
- SHA512
  
  23ce79a762f80cfb3f1711dc9f2c22561cfcff65ed13bbf08919780eb86858e59aa8889f6409743501536eda07bd12cfb080120563f57a45e873e1add0f73eb6
- SSDEEP
  
  49152:R/mUbQS/X309B3bMXM8du2L35lwYF0f4XM1eT9:RfkS/H8S42Ufp
Score

10^/10

gcleaner discovery evasion loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryevasionloader

behavioral2

gcleanerdiscoveryevasionloader