General
Target: 4c54d3ef04e158cf3a938fee971fd705443cc85f4788d0236275bfbe09654fa8
Size: 1.9MB
Sample: 241226-p3rglawmdn
MD5: a496fc147df86ef3cb723cf23e2a962a
SHA1: a82aa21ff452441f22e77d6f2c6f0f0988cdbd23
SHA256: 4c54d3ef04e158cf3a938fee971fd705443cc85f4788d0236275bfbe09654fa8
SHA512: 07e75a466b95a50705d5604540d1af400fe5397eea08471c53004c40f2f31eda575da24a854f3eaa20bee34765892a5ae8084a0ca2acfd1b0f7b64019f83f188
SSDEEP: 49152:arQQADf1ygMrcWs4w3H6HYmRA7Mo2bcklA3//2I:a0Nf1yVcWs4IBmRAYZbcO4
Static task: static1
Behavioral task: behavioral1
Sample: 4c54d3ef04e158cf3a938fee971fd705443cc85f4788d0236275bfbe09654fa8.exe
Resource: win7-20241010-en
Malware Config

Targets
Target: 4c54d3ef04e158cf3a938fee971fd705443cc85f4788d0236275bfbe09654fa8
Size: 1.9MB
MD5: a496fc147df86ef3cb723cf23e2a962a
SHA1: a82aa21ff452441f22e77d6f2c6f0f0988cdbd23
SHA256: 4c54d3ef04e158cf3a938fee971fd705443cc85f4788d0236275bfbe09654fa8
SHA512: 07e75a466b95a50705d5604540d1af400fe5397eea08471c53004c40f2f31eda575da24a854f3eaa20bee34765892a5ae8084a0ca2acfd1b0f7b64019f83f188
SSDEEP: 49152:arQQADf1ygMrcWs4w3H6HYmRA7Mo2bcklA3//2I:a0Nf1yVcWs4IBmRAYZbcO4
- Gcleaner family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger