General

  • Target

    f7061e4b0d9f9342d3b8eeadb729a9e7b8cffa20d356c650af1cc6c833e19327

  • Size

    1.8MB

  • Sample

    241226-rsdh4axncv

  • MD5

    b1b1cd560fbd22a72bfbff10c86b8be5

  • SHA1

    93acad9e3ae487e03be94c1ddb0348e4a60fabe7

  • SHA256

    f7061e4b0d9f9342d3b8eeadb729a9e7b8cffa20d356c650af1cc6c833e19327

  • SHA512

    b496f2084a0d93da2206730d3898fd003bc0977c5ad8b3cf6697dab3a0f240422789bcb5e1fbf73106042134b855414e881f8fd12ccfee5c1d5dcafa4a8a1513

  • SSDEEP

    49152:yv9rb7BlzDAhc/WLpFqQtOS9wGIH7Txir49:O9XvzDyeWLpFqQtVFIH/u4

Malware Config

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks
