General

  • Target

    69a94137bf10488dd980bc600b3735c8.exe

  • Size

    1.9MB

  • Sample

    241220-shbgesypbp

  • MD5

    69a94137bf10488dd980bc600b3735c8

  • SHA1

    da3d908540863d0466fb2d7acab950afaf47d75e

  • SHA256

    b53ffd4fc8c3b8759852c9742c3e26b4e3b8ba115ca15229a235db74f59a82db

  • SHA512

    2c4737d12aaf57967b0ed3aa224b6e836fa4adc25438ebd795cdb1204e4357f24ab5872bb9d8d47ef34f8083e0dd48e34fb3d53498cf50c8fdd48e36c22a81bf

  • SSDEEP

    49152:UW5o5ReXPEz6R3AJBquFqmJI9JiKHMyrGT7gDUcqCchec:UWsRaPK6xAJBqxmJqJhHxG7g4rCk

Malware Config

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks