General
-
Target
0fb1f2f159e36668c4480491ae8b05fe3f8fd28beeb933d46cf10ba3343256b6N.exe
-
Size
1.9MB
-
Sample
241216-cqeaaaynbt
-
MD5
c371507551999618fa1dceb764333bc0
-
SHA1
e71870305ad13fef36b85e5a3cd8e038525f994c
-
SHA256
0fb1f2f159e36668c4480491ae8b05fe3f8fd28beeb933d46cf10ba3343256b6
-
SHA512
758e15b5edc9db3d060f52a6f0b8caf07a03523905ad15d4a944b9c2c025545c4b498b22c2ad92a9781235e7a450c2608e40fffd98f1f764334d02cf3b2f243e
-
SSDEEP
49152:uv8V2T+34LyPayMriAtDEMH6a62D6WEDKrH:9VYfyiZ79t6WEa
Static task
static1
Behavioral task
behavioral1
Sample
0fb1f2f159e36668c4480491ae8b05fe3f8fd28beeb933d46cf10ba3343256b6N.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-