General
-
Target
c478f156fe5c34581fe6913183cc08c5103babc310cb60250dba395b261bbdec
-
Size
1.9MB
-
Sample
241227-pjgs2svpbn
-
MD5
a799ca00b534622e3ce09cedbb913f79
-
SHA1
30fbc64022b704d4ee78b312fdc1f2a018522ad4
-
SHA256
c478f156fe5c34581fe6913183cc08c5103babc310cb60250dba395b261bbdec
-
SHA512
493fbcf504c54b6fa215a9e865bfb0ad74da564c94a61926abe067071407b58e8ef578950816d8e4973bdb5f5ccbef6392ea78c34d4b4107c0a6627b20b04040
-
SSDEEP
24576:+sxBcmJsYD5MtIE2i3Keuph8QVn6dhicrn8NUGOWk9jHA7sCE8Xw+v+sWavrGLSM:V+aibuLn6d/8G9jHS9bW5ztPXFB
Malware Config
Targets
-
-
Target
c478f156fe5c34581fe6913183cc08c5103babc310cb60250dba395b261bbdec
-
Size
1.9MB
-
MD5
a799ca00b534622e3ce09cedbb913f79
-
SHA1
30fbc64022b704d4ee78b312fdc1f2a018522ad4
-
SHA256
c478f156fe5c34581fe6913183cc08c5103babc310cb60250dba395b261bbdec
-
SHA512
493fbcf504c54b6fa215a9e865bfb0ad74da564c94a61926abe067071407b58e8ef578950816d8e4973bdb5f5ccbef6392ea78c34d4b4107c0a6627b20b04040
-
SSDEEP
24576:+sxBcmJsYD5MtIE2i3Keuph8QVn6dhicrn8NUGOWk9jHA7sCE8Xw+v+sWavrGLSM:V+aibuLn6d/8G9jHS9bW5ztPXFB
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-