General

  • Target

    485a5e8d4a2922f7fa91d85fe106a8e1.exe

  • Size

    1.9MB

  • Sample

    241214-qcmldssqbs

  • MD5

    485a5e8d4a2922f7fa91d85fe106a8e1

  • SHA1

    b69ffa2a1775aacffcb7c2571765736bb3fb2340

  • SHA256

    44e9ae9e07cc4933f495be3d6c400e1712179daaca387bfa1ed2f1401b6133b6

  • SHA512

    11ff1ca9f356722d4200bedb0db61185afc83762ed1ca770458dc0a4c322166e67ec2365d0e84e54873137c134ae2bba7159e2f997f8952bcb6555dfaeff1aa7

  • SSDEEP

    49152:CbdSZ2lLY7/VXYFPtI67rFIarlRxb4SlF7tO/om2wQj9:hz/VXKPtI6FIajxbJWd2lj9

Malware Config

Targets

    • Target

      485a5e8d4a2922f7fa91d85fe106a8e1.exe


    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class detaches the calling thread from any attached debugger, so debug events from that thread are no longer delivered; this is a common anti-debugging technique.
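The four evasion signatures above are all derived from what the sample asks the OS for, not from what it gets back. The following added example (written here, not part of the sandbox report or of the GCleaner sample) re-implements those four rules over an API-call trace so a practitioner can see exactly which lookups trip each one. The registry paths, the ThreadHideFromDebugger constant (0x11) and the trace entries are assumptions: they are the keys and values such checks commonly target, and the trace is constructed for illustration, not captured from this sample.

```python
"""Re-implementation of the report's four sandbox-evasion signatures over an
API-call trace. Paths and constants below are assumed (typical targets of these
checks); the report itself does not list them."""
from dataclasses import dataclass, field


def _norm(path: str) -> str:
    """Canonicalise a registry path for comparison (backslashes, upper case, no trailing slash)."""
    return path.replace("/", "\\").rstrip("\\").upper()


# Assumed: THREADINFOCLASS value for ThreadHideFromDebugger (standard ntdll constant).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Assumed registry locations typically probed by these checks.
VBOX_ACPI_KEYS = {_norm(p) for p in (
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
)}
BIOS_KEY = _norm(r"HKLM\HARDWARE\DESCRIPTION\System")
BIOS_VALUES = {"SYSTEMBIOSVERSION", "VIDEOBIOSVERSION", "SYSTEMBIOSDATE"}
WINE_KEYS = {_norm(p) for p in (r"HKCU\Software\Wine", r"HKLM\Software\Wine")}

REG_OPEN_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "NtOpenKey"}
REG_QUERY_APIS = {"RegQueryValueExW", "RegQueryValueExA", "NtQueryValueKey"}


@dataclass(frozen=True)
class ApiCall:
    """One entry of a (constructed) API trace: API name plus parsed arguments."""
    api: str
    args: dict = field(default_factory=dict)


def _opened_keys(trace) -> set:
    return {_norm(c.args["key"]) for c in trace if c.api in REG_OPEN_APIS and "key" in c.args}


def sig_vbox_acpi(trace) -> bool:
    """Identifies VirtualBox via ACPI registry values: fires on the key *lookup*,
    regardless of whether the key exists (status is ignored on purpose)."""
    return bool(_opened_keys(trace) & VBOX_ACPI_KEYS)


def sig_bios_registry(trace) -> bool:
    """Checks BIOS information in registry: a value query for a BIOS string under the System key."""
    return any(
        c.api in REG_QUERY_APIS
        and _norm(c.args.get("key", "")) == BIOS_KEY
        and c.args.get("value", "").upper() in BIOS_VALUES
        for c in trace
    )


def sig_wine_registry(trace) -> bool:
    """Identifies Wine through registry keys."""
    return bool(_opened_keys(trace) & WINE_KEYS)


def sig_hide_from_debugger(trace) -> bool:
    """Suspicious use of NtSetInformationThread with ThreadHideFromDebugger."""
    return any(
        c.api == "NtSetInformationThread" and c.args.get("info_class") == THREAD_HIDE_FROM_DEBUGGER
        for c in trace
    )


SIGNATURES = {
    "Identifies VirtualBox via ACPI registry values": sig_vbox_acpi,
    "Checks BIOS information in registry": sig_bios_registry,
    "Identifies Wine through registry keys": sig_wine_registry,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": sig_hide_from_debugger,
}


def evaluate(trace) -> dict:
    """Return {signature name: fired?} for a trace."""
    return {name: fn(trace) for name, fn in SIGNATURES.items()}


# Constructed traces (not captured from the sample). status 2 == ERROR_FILE_NOT_FOUND.
EVASIVE_TRACE = [
    ApiCall("RegOpenKeyExW", {"key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", "status": 2}),
    ApiCall("RegOpenKeyExW", {"key": r"HKLM\HARDWARE\DESCRIPTION\System", "status": 0}),
    ApiCall("RegQueryValueExW", {"key": r"HKLM\HARDWARE\DESCRIPTION\System",
                                 "value": "SystemBiosVersion", "status": 0}),
    ApiCall("RegOpenKeyExW", {"key": r"HKCU\Software\Wine", "status": 2}),
    ApiCall("NtSetInformationThread", {"thread": -2, "info_class": 0x11, "status": 0}),
]
BENIGN_TRACE = [
    ApiCall("RegOpenKeyExW", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "status": 0}),
    ApiCall("NtSetInformationThread", {"thread": -2, "info_class": 0x02, "status": 0}),  # ThreadPriority
]

if __name__ == "__main__":
    for name, hit in evaluate(EVASIVE_TRACE).items():
        print(f"[{'x' if hit else ' '}] {name}")
```

Note that the VirtualBox and Wine rules fire on the open attempt even when the key is absent (the constructed trace returns ERROR_FILE_NOT_FOUND for both), so a hit records evasive intent rather than proof that the analysis VM was actually recognised; conversely, if the ACPI key lookup succeeds in your sandbox, the VBOX__ table names are what need hiding for the sample to proceed.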

MITRE ATT&CK Enterprise v15

Tasks