gcleaner | ccd13fcd2302d16a0fd2d9cc2653869ce0551d464145bf264f75163f03f874bc | Triage

Sharing

General

Target

ccd13fcd2302d16a0fd2d9cc2653869ce0551d464145bf264f75163f03f874bc.exe
Size

1.8MB
Sample

241206-dxz11atpcn
MD5

06b66556e8a2389c099c0da6e0db3dd2
SHA1

53f96909c6ae94499b790eba12ec355a275388df
SHA256

ccd13fcd2302d16a0fd2d9cc2653869ce0551d464145bf264f75163f03f874bc
SHA512

8623c835b552b000749405788eba8cc221f505d5285ff5fe8c5d79d81ae5d9a18985427e1f98c4baf2defd38ece14af11683524de636612d69d9b913a6869ce5
SSDEEP

49152:djijgLC4Kn6bujNhQfRTFlzt/wdcCjX/6Gdg9AYAUG:djijgL0A+NifR9wdcCbyl6

Score

10^/10

gcleaner discovery evasion loader

Malware Config

Extracted

Family

gcleaner

C2

92.63.197.221

45.91.200.135

Targets

- Target
  
  ccd13fcd2302d16a0fd2d9cc2653869ce0551d464145bf264f75163f03f874bc.exe
- Size
  
  1.8MB
- MD5
  
  06b66556e8a2389c099c0da6e0db3dd2
- SHA1
  
  53f96909c6ae94499b790eba12ec355a275388df
- SHA256
  
  ccd13fcd2302d16a0fd2d9cc2653869ce0551d464145bf264f75163f03f874bc
- SHA512
  
  8623c835b552b000749405788eba8cc221f505d5285ff5fe8c5d79d81ae5d9a18985427e1f98c4baf2defd38ece14af11683524de636612d69d9b913a6869ce5
- SSDEEP
  
  49152:djijgLC4Kn6bujNhQfRTFlzt/wdcCjX/6Gdg9AYAUG:djijgL0A+NifR9wdcCbyl6
Score

10^/10

gcleaner discovery evasion loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Gcleaner family
  gcleaner
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryevasionloader

behavioral2

gcleanerdiscoveryevasionloader