General

  • Target

    659b475361502e4bb93cb3978d0d69c6.bin

  • Size

    1.8MB

  • Sample

    241214-bqe15ssncv

  • MD5

    64337e4cb1996305d88b823f930d9d7f

  • SHA1

    c19876e0b66736652e0a001cfa8c920f775ce0ef

  • SHA256

    fca31784bb58d1bbecbf9e28622eb85f5ccc224419124435729dd04dc94c72df

  • SHA512

    890997f8e1f73554ec6975d22027c0fcd1d8895243a768bb71a029336e0a89be2901c4f218aef5b58c01e406797cd446eba3f5454763cbf36f28401b351725ea

  • SSDEEP

    49152:qvp2uz2jsDRzHNHth6+RTmiqhRd/+O8jsO6ij85P:up2O2CtHj1miq1+O0EijkP

Malware Config

Targets

    • Target

      9cd587e74a90f572286c6606c8d0dd40c5053aab867b5347c2499e5338a46b2d.exe

    • Size

      1.8MB

    • MD5

      659b475361502e4bb93cb3978d0d69c6

    • SHA1

      9b4db8cab515e22350a6de83e9b892e9376fd391

    • SHA256

      9cd587e74a90f572286c6606c8d0dd40c5053aab867b5347c2499e5338a46b2d

    • SHA512

      6b31ca314b6c4268703197bdcc093fde7cfa50d2ea8461a9fe83ee7da1d2ea0bfedf13dab4c4cfecddd1bb172990cd19f1d0714324c58ec0d3a61f8ad8f1491f

    • SSDEEP

      49152:oGsSbw6I87hDyW5y0d2QVzbqhTBnk0AlORGIi05sXf:vw65eueT20OIiK

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks