General
- Target: 956aa8781bb234807f058747b32e87baa93da2f2f7973c2fd264bbfafec58768.exe
- Size: 1.9MB
- Sample: 241207-djz4vaylcm
- MD5: d819f4d6b07c749c5dae949876c88ad4
- SHA1: fa860c8a023c874ea7d9e111f30567b439b5755a
- SHA256: 956aa8781bb234807f058747b32e87baa93da2f2f7973c2fd264bbfafec58768
- SHA512: ec2f4655fd42fb5894ec3d97937a68c5b06eb7447a689b6ea71cfecd816f3b34d11f138a25b00e67983a40f03f179b2d37e836c326f9670af95b9b0ccdd58674
- SSDEEP: 49152:zkNSUJcnjobRA15rEFfQnHy6p1ssdX9dS:zkNwjuA1gYnS6pnF9
Static task: static1
Behavioral task: behavioral1
- Sample: 956aa8781bb234807f058747b32e87baa93da2f2f7973c2fd264bbfafec58768.exe
- Resource: win7-20240903-en
Malware Config
Extracted
gcleaner
92.63.197.221
45.91.200.135
Targets
- Target: 956aa8781bb234807f058747b32e87baa93da2f2f7973c2fd264bbfafec58768.exe
- Size: 1.9MB
- MD5: d819f4d6b07c749c5dae949876c88ad4
- SHA1: fa860c8a023c874ea7d9e111f30567b439b5755a
- SHA256: 956aa8781bb234807f058747b32e87baa93da2f2f7973c2fd264bbfafec58768
- SHA512: ec2f4655fd42fb5894ec3d97937a68c5b06eb7447a689b6ea71cfecd816f3b34d11f138a25b00e67983a40f03f179b2d37e836c326f9670af95b9b0ccdd58674
- SSDEEP: 49152:zkNSUJcnjobRA15rEFfQnHy6p1ssdX9dS:zkNwjuA1gYnS6pnF9
- Gcleaner family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Suspicious use of NtSetInformationThreadHideFromDebugger