General

  • Target

    ccae5dfec9a32bebf96900ea6a260d6dfe3fe7a7abd90046d57b6061edf1b9f3.exe

  • Size

    1.9MB

  • Sample

    241207-dydt6azjfj

  • MD5

    595dce153bbfd728b17b03828ad01ef9

  • SHA1

    abdc8b2a253c6ff18aaeb43bd52625c0cdad03e1

  • SHA256

    ccae5dfec9a32bebf96900ea6a260d6dfe3fe7a7abd90046d57b6061edf1b9f3

  • SHA512

    391006d5335218084c53eff892bc54eb4fd813da00e03acb1389abcd34f3aed3af6d1c38bf6a90f8498ec1cdb1330fa16d7cb547996e65268256d3b7f0b81312

  • SSDEEP

    24576:DyJP8TnBAGReutBAsjjMnoC8O5008jD0yiVDDEZs9sdd7PIbYuF6hyyZa7z/rwhQ:DyhsH8utNUoC8O56DhilERhwryAXrE

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    92.63.197.221

    45.91.200.135

Targets

    • Target

      ccae5dfec9a32bebf96900ea6a260d6dfe3fe7a7abd90046d57b6061edf1b9f3.exe

    • Size

      1.9MB

    • MD5

      595dce153bbfd728b17b03828ad01ef9

    • SHA1

      abdc8b2a253c6ff18aaeb43bd52625c0cdad03e1

    • SHA256

      ccae5dfec9a32bebf96900ea6a260d6dfe3fe7a7abd90046d57b6061edf1b9f3

    • SHA512

      391006d5335218084c53eff892bc54eb4fd813da00e03acb1389abcd34f3aed3af6d1c38bf6a90f8498ec1cdb1330fa16d7cb547996e65268256d3b7f0b81312

    • SSDEEP

      24576:DyJP8TnBAGReutBAsjjMnoC8O5008jD0yiVDDEZs9sdd7PIbYuF6hyyZa7z/rwhQ:DyhsH8utNUoC8O56DhilERhwryAXrE

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks