General

Target: 27ea5b01b7755a3236dd0b727e21b3bdb543aeb10ea774179fcd85bf6e44fad7
Size: 1.9MB
Sample: 241226-y8ffysynar
MD5: 7b54acb05c74dff91f5d4eef5e90ac26
SHA1: 9ae7ed1a3e12921df3a7329e78ab89e6dedc8d52
SHA256: 27ea5b01b7755a3236dd0b727e21b3bdb543aeb10ea774179fcd85bf6e44fad7
SHA512: 9679abfc3b247e7667df1b8aac2717c0577c7637caa3c11873a552b7b2b836c47172f7aa41180129a81c2c2c95eff8a481d01ae33ca87ceccb6310a35ab8a2cf
SSDEEP: 49152:pAwRaR2tdVvGDmjPu4tetYpeEyzenO0Ld80IYa:OBIPVvGaru4teSpeEyzenhra
Static task: static1
Behavioral task: behavioral1
Sample: 27ea5b01b7755a3236dd0b727e21b3bdb543aeb10ea774179fcd85bf6e44fad7.exe
Resource: win7-20241010-en
Malware Config
Targets

Target: 27ea5b01b7755a3236dd0b727e21b3bdb543aeb10ea774179fcd85bf6e44fad7
Size: 1.9MB
MD5: 7b54acb05c74dff91f5d4eef5e90ac26
SHA1: 9ae7ed1a3e12921df3a7329e78ab89e6dedc8d52
SHA256: 27ea5b01b7755a3236dd0b727e21b3bdb543aeb10ea774179fcd85bf6e44fad7
SHA512: 9679abfc3b247e7667df1b8aac2717c0577c7637caa3c11873a552b7b2b836c47172f7aa41180129a81c2c2c95eff8a481d01ae33ca87ceccb6310a35ab8a2cf
SSDEEP: 49152:pAwRaR2tdVvGDmjPu4tetYpeEyzenO0Ld80IYa:OBIPVvGaru4teSpeEyzenhra
- Gcleaner family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger