General

  • Target

    c4a16bac6cdc5735e1bbb57c7f4c300e35a4c2f617c85585d17ac5a55a875383.exe

  • Size

    1.9MB

  • Sample

    241211-dy9ltsynbp

  • MD5

    2e19a105ae94d5cfdba8166af58f7a3e

  • SHA1

    398ec17fa4b03728c4c48c6d2e6f99e01ff78a63

  • SHA256

    c4a16bac6cdc5735e1bbb57c7f4c300e35a4c2f617c85585d17ac5a55a875383

  • SHA512

    181d6bec6fe7a93bc6ea1c5521977567a9565b1f7ef6b3a5cd8f8607ca27bdbca3c775ed6d5253ef1bb26227648d6a2d118c45b5e43af78a992135bf70b672ba

  • SSDEEP

    49152:Y7lxqmNNdrwjy98ivFTAbrslcIDObJ51:qlz3Oymitkrsl9

Malware Config

Targets

    • Target

      c4a16bac6cdc5735e1bbb57c7f4c300e35a4c2f617c85585d17ac5a55a875383.exe

    • Size

      1.9MB

    • MD5

      2e19a105ae94d5cfdba8166af58f7a3e

    • SHA1

      398ec17fa4b03728c4c48c6d2e6f99e01ff78a63

    • SHA256

      c4a16bac6cdc5735e1bbb57c7f4c300e35a4c2f617c85585d17ac5a55a875383

    • SHA512

      181d6bec6fe7a93bc6ea1c5521977567a9565b1f7ef6b3a5cd8f8607ca27bdbca3c775ed6d5253ef1bb26227648d6a2d118c45b5e43af78a992135bf70b672ba

    • SSDEEP

      49152:Y7lxqmNNdrwjy98ivFTAbrslcIDObJ51:qlz3Oymitkrsl9

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks