General

  • Target: 20aa6407587318875a98f4cc567752a4caffcd46104d7f42c427ad8b10317eab.exe
  • Size: 1.8MB
  • Sample: 241206-cq531avnat
  • MD5: 872445f439140f8b8db73ec546971cc9
  • SHA1: 86ca54d31ba843a883c352f387a623dd35c09c8c
  • SHA256: 20aa6407587318875a98f4cc567752a4caffcd46104d7f42c427ad8b10317eab
  • SHA512: eb28f12e13fabfc1d2ebf768548cafded96006de1c8647f7cdfe37f050d6a16a6cbe2a0e4131dc4a1c7027285bb5d7af544b4168627a793884f1fa169f6aa50c
  • SSDEEP: 24576:UB06NnSMYTaEX4H3VXTzQmmVSXmx7ILXocFLwFkue/e0rShVM6vH663KRqRi8QHf:X6NSHX4XVsmmVIm6b7FLwFFET3gKIc

Malware Config

Extracted

  • Family: gcleaner
  • C2: 92.63.197.221, 45.91.200.135

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger