General
Target: ccae5dfec9a32bebf96900ea6a260d6dfe3fe7a7abd90046d57b6061edf1b9f3.exe
Size: 1.9MB
Sample: 241207-dydt6azjfj
MD5: 595dce153bbfd728b17b03828ad01ef9
SHA1: abdc8b2a253c6ff18aaeb43bd52625c0cdad03e1
SHA256: ccae5dfec9a32bebf96900ea6a260d6dfe3fe7a7abd90046d57b6061edf1b9f3
SHA512: 391006d5335218084c53eff892bc54eb4fd813da00e03acb1389abcd34f3aed3af6d1c38bf6a90f8498ec1cdb1330fa16d7cb547996e65268256d3b7f0b81312
SSDEEP: 24576:DyJP8TnBAGReutBAsjjMnoC8O5008jD0yiVDDEZs9sdd7PIbYuF6hyyZa7z/rwhQ:DyhsH8utNUoC8O56DhilERhwryAXrE
Static task: static1
Behavioral task: behavioral1
Sample: ccae5dfec9a32bebf96900ea6a260d6dfe3fe7a7abd90046d57b6061edf1b9f3.exe
Resource: win7-20240708-en
Malware Config
Extracted
gcleaner
92.63.197.221
45.91.200.135
Targets
Gcleaner family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Suspicious use of NtSetInformationThreadHideFromDebugger