General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    241213-agylfsslbw

  • MD5

    0a2e0cf36cb5586fb3ecff4872b27b9d

  • SHA1

    b8ab43272fbbad21c1985ee536ecd5ccbdc0a761

  • SHA256

    417e7e396fbadbf07bf6952dbd3c0b6b496bc18871047645879db777552552b1

  • SHA512

    54f788a088be98537649567c9c9c1c13fb148502900862832b91438a4e0ea1cfab5d8c465834059556f2799d83390ef2bc07efa6c3a63b225484528c2e85eedf

  • SSDEEP

    49152:KCQD+j4yNBpD4yejjTxNgNYtBdt8Z3ry8JE2Kt7VHNDc:9iC1UjjTxSNYXEZbzE2KXHd

Malware Config

Targets

    • Target

      file.exe

    • Size

      1.9MB

    • MD5

      0a2e0cf36cb5586fb3ecff4872b27b9d

    • SHA1

      b8ab43272fbbad21c1985ee536ecd5ccbdc0a761

    • SHA256

      417e7e396fbadbf07bf6952dbd3c0b6b496bc18871047645879db777552552b1

    • SHA512

      54f788a088be98537649567c9c9c1c13fb148502900862832b91438a4e0ea1cfab5d8c465834059556f2799d83390ef2bc07efa6c3a63b225484528c2e85eedf

    • SSDEEP

      49152:KCQD+j4yNBpD4yejjTxNgNYtBdt8Z3ry8JE2Kt7VHNDc:9iC1UjjTxSNYXEZbzE2KXHd

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks