General

  • Target

    e6a1c97a26a0901473f9ca53cd39967f.exe

  • Size

    1.9MB

  • Sample

    241220-sj4vcsxrfs

  • MD5

    e6a1c97a26a0901473f9ca53cd39967f

  • SHA1

    16d060d65114d89e9c2ee5516be1c4c95f60d39e

  • SHA256

    3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23

  • SHA512

    125fc67e0ac04015d3cc765050ecb8c9b1cc18c8177ffdcce7f36a9e1aeebe7bbfa5aef6a81c6ce7a6f2b10b0ac0db57642f0262d7bdc60ae264aaf02e2899b5

  • SSDEEP

    49152:r2Oz9lIo5WQm5OlTRxYnykwh8tSch0rKK57d6+:rBzrUwhGSaydFd6

Malware Config

Targets

    • Target

      e6a1c97a26a0901473f9ca53cd39967f.exe

    • Size

      1.9MB

    • MD5

      e6a1c97a26a0901473f9ca53cd39967f

    • SHA1

      16d060d65114d89e9c2ee5516be1c4c95f60d39e

    • SHA256

      3ed31a41ff5e2ffec4dba349fb5fd434eebc72d1426eb0a220b22e5ededaae23

    • SHA512

      125fc67e0ac04015d3cc765050ecb8c9b1cc18c8177ffdcce7f36a9e1aeebe7bbfa5aef6a81c6ce7a6f2b10b0ac0db57642f0262d7bdc60ae264aaf02e2899b5

    • SSDEEP

      49152:r2Oz9lIo5WQm5OlTRxYnykwh8tSch0rKK57d6+:rBzrUwhGSaydFd6

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks