General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    241213-c5aweawlcw

  • MD5

    5c682cd7d028b24b4cd0f276f3b50f54

  • SHA1

    e6e8d03bfd05caff9df36150b7daf6c8a8b799d2

  • SHA256

    53957b3c63da49c6bfd73328983d398e81c80c74c5d789d2066ff306769f3277

  • SHA512

    616beed27ce126e88f882911c388d31e2c2ef5bd2c1ed05df06c1f3b0939d42787a9b08cf16a9a331301eed0875b55e4d47d99c5d975ead6e00e2b5e846cdfa5

  • SSDEEP

    49152:IGF222lKRnVbJ2XLiHRanDTOXW7T9noubz2UonM:IQTROnDT97T2WCM

Malware Config

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks