General
-
Target
f7aaba06182cfc5325d113ded5074e1a7ce5f3d5895499514586a810a9e02974
-
Size
1.9MB
-
Sample
241227-j6wylatleq
-
MD5
d6db5eb3422f2a5674476824e65fb4c7
-
SHA1
f9636873e1ef5f57ca829b738a3d68e9679bc45c
-
SHA256
f7aaba06182cfc5325d113ded5074e1a7ce5f3d5895499514586a810a9e02974
-
SHA512
d247fda8bb82287207c16fb0888d56f8425b3c0972023c9737812e3e77d0e681d00719c147197453a18b7952a0ac464f6ded39366347b6ef7449744c1e435fba
-
SSDEEP
49152:aqYERIF+AnurRBnGhJHI0nvMINKx835JCwS9aKErF90rbI:DSF+HnGh9uINKxUjCwSIKwK
Malware Config
Targets
-
-
Target
f7aaba06182cfc5325d113ded5074e1a7ce5f3d5895499514586a810a9e02974
-
Size
1.9MB
-
MD5
d6db5eb3422f2a5674476824e65fb4c7
-
SHA1
f9636873e1ef5f57ca829b738a3d68e9679bc45c
-
SHA256
f7aaba06182cfc5325d113ded5074e1a7ce5f3d5895499514586a810a9e02974
-
SHA512
d247fda8bb82287207c16fb0888d56f8425b3c0972023c9737812e3e77d0e681d00719c147197453a18b7952a0ac464f6ded39366347b6ef7449744c1e435fba
-
SSDEEP
49152:aqYERIF+AnurRBnGhJHI0nvMINKx835JCwS9aKErF90rbI:DSF+HnGh9uINKxUjCwSIKwK
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-