Extracted

• • Target

    6b7c184726f4065c3200e5d2710874c1a1ae816a5c86c354fbec27b7d625c6cd.exe

  • Size

    1.9MB

  • MD5

    2c489e7597e575e7a7ceea0393891de9

  • SHA1

    b30bc225ad5c92c184a491971a863fac0ea99491

  • SHA256

    6b7c184726f4065c3200e5d2710874c1a1ae816a5c86c354fbec27b7d625c6cd

  • SHA512

    1a63aa6332ebceed7bff5d0c6aeefacf7ceb829fb0b762ee1c30163f679eb44c43f1cbfad5ae19bdddcf3e5fde7567f1107a6ab8ede57f442eab703ee689fcb2

  • SSDEEP

    49152:lPcWkyaqEROaM1FtzMEie3M6whrRuSQlzagjyc:5cWkXQzNf8rHQl+gOc

  Score

  10^/10

  gcleanerdiscoveryevasionloader

  • GCleaner

    GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    loadergcleaner

  • Gcleaner family

    gcleaner

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2