General

  • Target

    8d74dff63ca291a7a5457b6924722959319ff92d8130954bfd8a816d117e6160.exe

  • Size

    1.9MB

  • Sample

    241207-dhmr5asmfs

  • MD5

    c9420e178724864d8be4caa3e0600b89

  • SHA1

    0a50a13ada835b4f831a4e47d08a9672efe13bfa

  • SHA256

    8d74dff63ca291a7a5457b6924722959319ff92d8130954bfd8a816d117e6160

  • SHA512

    734081b83a3213906960d9bcd6573218a22721005d7d7e1250f34de2485c49db17a9f27f34f4da33afc6c2db1ebe9be299ce4ba31a6ec20d2a78ec91dda57947

  • SSDEEP

    24576:E6zOB+DZ/GGrQi4LMx+62qQ1h6Pui8ls4IDiZhEmsdNl+biFHLDgyB7gm1/rRo4z:E6G+NeI4LMk5qyjTROfdNl+wLDF1k

Malware Config

Extracted

Family

gcleaner

C2

92.63.197.221

45.91.200.135

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
