General

  • Target

    06K80_file.exe

  • Size

    1.9MB

  • Sample

    241213-lt45jswpam

  • MD5

    2e164f8eb316718ae1c48ed84e05dc9f

  • SHA1

    653b1c1598a62782b58e52dd3f2c53355aad94fa

  • SHA256

    323426e01a17e9974e2c710c0708a7232d250a2a7aa815ee7fdfac5f634af0e2

  • SHA512

    4c47f3284fb5220338700b8a86892184fc9956844dd041a88b47d35ebabbb4a70a3922158f02c3f40e594a74f70e6c1f929750404a2b09240535ed7d91dce4a4

  • SSDEEP

    24576:FZjVHfyt/9PRZ9j7d8t0Dls0wnohMQbqzXRqv2ZkA/35YZrPJlGmvrjynr4aAgiH:FZ9G9tfd40adoijcv6WflG4Dnr

Malware Config

Targets

    • Target

      06K80_file.exe

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks