General
-
Target
b69a00eeecf161383de949aae4a8cc1457350adc073888de14f91cbbca848cc2
-
Size
1.8MB
-
Sample
241226-2dxzastjds
-
MD5
07927aebc44883297252e3acc03f37a6
-
SHA1
287d3c7b4ff1b6dcf2216e0a2b7d41e42252619c
-
SHA256
b69a00eeecf161383de949aae4a8cc1457350adc073888de14f91cbbca848cc2
-
SHA512
a5b8981624d96ff6e60c9a596f61561a978c4cf834d4535a4d13d0bbedb6b57c7fa940fc05aee016867d52061c5083450ade2c70444da104a682876e6ac3013c
-
SSDEEP
24576:XZtKNX8j+poLS9MKaK+Ql22wl11kXkxXLrq5d/PZEikswRru/cJ0A8Pdi2pmIuP8:J4Pp11aKJkBk2XS5JPZF3w8oWlijVr
Malware Config
Targets
-
-
Target
b69a00eeecf161383de949aae4a8cc1457350adc073888de14f91cbbca848cc2
-
Size
1.8MB
-
MD5
07927aebc44883297252e3acc03f37a6
-
SHA1
287d3c7b4ff1b6dcf2216e0a2b7d41e42252619c
-
SHA256
b69a00eeecf161383de949aae4a8cc1457350adc073888de14f91cbbca848cc2
-
SHA512
a5b8981624d96ff6e60c9a596f61561a978c4cf834d4535a4d13d0bbedb6b57c7fa940fc05aee016867d52061c5083450ade2c70444da104a682876e6ac3013c
-
SSDEEP
24576:XZtKNX8j+poLS9MKaK+Ql22wl11kXkxXLrq5d/PZEikswRru/cJ0A8Pdi2pmIuP8:J4Pp11aKJkBk2XS5JPZF3w8oWlijVr
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-