General
- Target: 28a98101af4023667b3d06298c6968b7b041965b0c6fe0388310f8166c35029e.exe
- Size: 1.9MB
- Sample: 241231-vj78wssmgp
- MD5: e90acf0d2570c3438f32810840f55640
- SHA1: 710452f266a2faf238d97dc5e631ad1d8487a98b
- SHA256: 28a98101af4023667b3d06298c6968b7b041965b0c6fe0388310f8166c35029e
- SHA512: 6984149110cae091db7d3e1138bffdb5eef8869f5abe6a3d73b949d57ae671cf35b837a0035bef51a6c66d9cf5613b040d8ccbceae36cb7ab721ae3f5cc26cf2
- SSDEEP: 24576:dWPJaAZH5R6Da+ySk+PNTV1jvkM1fUWVy7CqgO5NQrKmTZXs5/EjV0wS1QG5qxC:0PoAZeDapYnhsM107CqlQ5dXs5MR3yn
Static task: static1
Behavioral task: behavioral1
- Sample: 28a98101af4023667b3d06298c6968b7b041965b0c6fe0388310f8166c35029e.exe
- Resource: win7-20241023-en
Malware Config

Targets
- Target: 28a98101af4023667b3d06298c6968b7b041965b0c6fe0388310f8166c35029e.exe
- Size: 1.9MB
- MD5: e90acf0d2570c3438f32810840f55640
- SHA1: 710452f266a2faf238d97dc5e631ad1d8487a98b
- SHA256: 28a98101af4023667b3d06298c6968b7b041965b0c6fe0388310f8166c35029e
- SHA512: 6984149110cae091db7d3e1138bffdb5eef8869f5abe6a3d73b949d57ae671cf35b837a0035bef51a6c66d9cf5613b040d8ccbceae36cb7ab721ae3f5cc26cf2
- SSDEEP: 24576:dWPJaAZH5R6Da+ySk+PNTV1jvkM1fUWVy7CqgO5NQrKmTZXs5/EjV0wS1QG5qxC:0PoAZeDapYnhsM107CqlQ5dXs5MR3yn
- Gcleaner family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger