General
-
Target
e6a1c97a26a0901473f9ca53cd39967f.exe
-
Size
1.9MB
-
Sample
241220-sf7f3synhl
-
MD5
e6a1c97a26a0901473f9ca53cd39967f
-
SHA1
16d060d65114d89e9c2ee5516be1c4c95f60d39e
-
SHA256
3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23
-
SHA512
125fc67e0ac04015d3cc765050ecb8c9b1cc18c8177ffdcce7f36a9e1aeebe7bbfa5aef6a81c6ce7a6f2b10b0ac0db57642f0262d7bdc60ae264aaf02e2899b5
-
SSDEEP
49152:r2Oz9lIo5WQm5OlTRxYnykwh8tSch0rKK57d6+:rBzrUwhGSaydFd6
Malware Config
Targets
-
-
Target
e6a1c97a26a0901473f9ca53cd39967f.exe
-
Size
1.9MB
-
MD5
e6a1c97a26a0901473f9ca53cd39967f
-
SHA1
16d060d65114d89e9c2ee5516be1c4c95f60d39e
-
SHA256
3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23
-
SHA512
125fc67e0ac04015d3cc765050ecb8c9b1cc18c8177ffdcce7f36a9e1aeebe7bbfa5aef6a81c6ce7a6f2b10b0ac0db57642f0262d7bdc60ae264aaf02e2899b5
-
SSDEEP
49152:r2Oz9lIo5WQm5OlTRxYnykwh8tSch0rKK57d6+:rBzrUwhGSaydFd6
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-