General

  • Target

    956aa8781bb234807f058747b32e87baa93da2f2f7973c2fd264bbfafec58768.exe

  • Size

    1.9MB

  • Sample

    241207-djz4vaylcm

  • MD5

    d819f4d6b07c749c5dae949876c88ad4

  • SHA1

    fa860c8a023c874ea7d9e111f30567b439b5755a

  • SHA256

    956aa8781bb234807f058747b32e87baa93da2f2f7973c2fd264bbfafec58768

  • SHA512

    ec2f4655fd42fb5894ec3d97937a68c5b06eb7447a689b6ea71cfecd816f3b34d11f138a25b00e67983a40f03f179b2d37e836c326f9670af95b9b0ccdd58674

  • SSDEEP

    49152:zkNSUJcnjobRA15rEFfQnHy6p1ssdX9dS:zkNwjuA1gYnS6pnF9

Malware Config

Extracted

Family

gcleaner

C2

92.63.197.221

45.91.200.135

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15