General

  • Target

    35eeedbb456d262392d2fba7c3a28715dbbec42c1491f76fd0459bfdd50d70a8

  • Size

    1.8MB

  • Sample

    241226-rnfsnaxmc1

  • MD5

    66d9f653b8d814277e15556d2eaac183

  • SHA1

    58053e45f827dbab2d77122075a963da677d497a

  • SHA256

    35eeedbb456d262392d2fba7c3a28715dbbec42c1491f76fd0459bfdd50d70a8

  • SHA512

    bfc125e436ade80c29c5fb79a5176c036fb9b8f3e0d63ab12eb8a77516b62806b02a4e7ee4c4a39b412c4aae08a73413cf130f06c6d14fd2e5f14fe2beda988a

  • SSDEEP

    49152:sAY7O9CuqivE5v8Cge6mkPoW3TV/r5pta/0sEagHnJD:xY7OM1v8RrTV/VPaCaUp

Malware Config

Targets

    • Target

      35eeedbb456d262392d2fba7c3a28715dbbec42c1491f76fd0459bfdd50d70a8

    • Size

      1.8MB

    • MD5

      66d9f653b8d814277e15556d2eaac183

    • SHA1

      58053e45f827dbab2d77122075a963da677d497a

    • SHA256

      35eeedbb456d262392d2fba7c3a28715dbbec42c1491f76fd0459bfdd50d70a8

    • SHA512

      bfc125e436ade80c29c5fb79a5176c036fb9b8f3e0d63ab12eb8a77516b62806b02a4e7ee4c4a39b412c4aae08a73413cf130f06c6d14fd2e5f14fe2beda988a

    • SSDEEP

      49152:sAY7O9CuqivE5v8Cge6mkPoW3TV/r5pta/0sEagHnJD:xY7OM1v8RrTV/VPaCaUp

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks