General

  • Target

    14a7faa5a16cbc6e031beb668ec24d78b04d8fe4959766cf11722932b93317dc.exe

  • Size

    1.9MB

  • Sample

    241211-cmkmwsvqfj

  • MD5

    b16a303612f8717a90851727a25fdf61

  • SHA1

    20281be28ae8c170b6dff5939fabd5616e9b7d23

  • SHA256

    14a7faa5a16cbc6e031beb668ec24d78b04d8fe4959766cf11722932b93317dc

  • SHA512

    c1c83b89a760997dc6740d940628fb7d68e3d82018b55c428ac1fcec0cde4b81ca943ef3dfd247212a14dd5b0eac20e4b4ba7f55b6154ea33a75920be032e196

  • SSDEEP

    24576:QWC52/9x0fDxBoxtUneN26Pf/54JF+GhxwTflZz0e+YbFN2VG8vaxY7SyI5LrC0t:pC8/6XN9UneONweQVmC75SS6

Malware Config

Targets

    • Target

      14a7faa5a16cbc6e031beb668ec24d78b04d8fe4959766cf11722932b93317dc.exe

    • Size

      1.9MB

    • MD5

      b16a303612f8717a90851727a25fdf61

    • SHA1

      20281be28ae8c170b6dff5939fabd5616e9b7d23

    • SHA256

      14a7faa5a16cbc6e031beb668ec24d78b04d8fe4959766cf11722932b93317dc

    • SHA512

      c1c83b89a760997dc6740d940628fb7d68e3d82018b55c428ac1fcec0cde4b81ca943ef3dfd247212a14dd5b0eac20e4b4ba7f55b6154ea33a75920be032e196

    • SSDEEP

      24576:QWC52/9x0fDxBoxtUneN26Pf/54JF+GhxwTflZz0e+YbFN2VG8vaxY7SyI5LrC0t:pC8/6XN9UneONweQVmC75SS6

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks