General
-
Target
d3f6593ca17e05ad4e9d42d8d038180b6e4af642390895d0399e0bd2bbf0a422
-
Size
1.8MB
-
Sample
250104-26c5laslcs
-
MD5
52abc22776d2999254ba7d06b8cdffed
-
SHA1
3c3a8e7777b8fb4d92ae6cca5a7d83929abfe3c6
-
SHA256
d3f6593ca17e05ad4e9d42d8d038180b6e4af642390895d0399e0bd2bbf0a422
-
SHA512
07042e605e08d4d811e98c7e21a66dd11c90c681c70fc77aa546077dab129308572041f7b140d750b643771031a4d74b4237db5c8f793a9290bb516051f239ba
-
SSDEEP
49152:cO05Rkbam9RroKWLP5Q/YCVeWhffJUpxNJhljXc7DVkdH/CI:c/WF9ZoK255CIWhHWLr+AH/b
Malware Config
Targets
-
-
Target
d3f6593ca17e05ad4e9d42d8d038180b6e4af642390895d0399e0bd2bbf0a422
-
Size
1.8MB
-
MD5
52abc22776d2999254ba7d06b8cdffed
-
SHA1
3c3a8e7777b8fb4d92ae6cca5a7d83929abfe3c6
-
SHA256
d3f6593ca17e05ad4e9d42d8d038180b6e4af642390895d0399e0bd2bbf0a422
-
SHA512
07042e605e08d4d811e98c7e21a66dd11c90c681c70fc77aa546077dab129308572041f7b140d750b643771031a4d74b4237db5c8f793a9290bb516051f239ba
-
SSDEEP
49152:cO05Rkbam9RroKWLP5Q/YCVeWhffJUpxNJhljXc7DVkdH/CI:c/WF9ZoK255CIWhHWLr+AH/b
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-