General
-
Target
8c0099c6cf3355140684e0157c1658ba.bin
-
Size
1.9MB
-
Sample
241209-byjz3asldm
-
MD5
4f9e1b7382f711bf55cec64e8bdde6ae
-
SHA1
1926a28c441c7e85066adfe46fbb115f54c03999
-
SHA256
d900370a0d08947316edec36c15908a8660453e1709491c00808ff41fef74e81
-
SHA512
fd4227dee7d5ce3945f957098088bf5d158ef449b90e2eb5c150efd7284a4ad043f553c83809bee3d028947dadd61500c60869f159306df758e096e407dac657
-
SSDEEP
49152:z2ZoSkMAYHmXXhk7Zpjk8o6xO8gpgPvhr2lg:SZof7HH27ZpjuEgsB
Static task
static1
Behavioral task
behavioral1
Sample
066c240c3fec6aa5150db849c2bd94e6ef77c7c6d4c65a6934c1f4e9d22798ed.exe
Resource
win7-20240729-en
Malware Config
Extracted
gcleaner
92.63.197.221
45.91.200.135
Targets
-
-
Target
066c240c3fec6aa5150db849c2bd94e6ef77c7c6d4c65a6934c1f4e9d22798ed.exe
-
Size
2.0MB
-
MD5
8c0099c6cf3355140684e0157c1658ba
-
SHA1
fdb6e46395fc202da5f3cfb40b2db9be9185efc8
-
SHA256
066c240c3fec6aa5150db849c2bd94e6ef77c7c6d4c65a6934c1f4e9d22798ed
-
SHA512
a949c28f18c9a1d99c9e53da740edac4fbdb2ddda2cbff90a66835650f1a8951e34d23e1d7fd94eb0fd8a67752abd0c7622fcb1978b162f78067dea59ba8c235
-
SSDEEP
49152:81aZfNXlZZnwcaShd3bsfCtq1D8QHFCA:8UZdZyShd3bntq1YQF
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-