General
-
Target
47376df478753605027ba47072a31529d0e273554c149a1618a595fe057cfdcb
-
Size
1.9MB
-
Sample
250125-pk5w9stqbj
-
MD5
8e15fccc9745d1989f5f53284fc39d09
-
SHA1
ebd351f39ac633ead4524e363cf5fc52dc7ed8a2
-
SHA256
47376df478753605027ba47072a31529d0e273554c149a1618a595fe057cfdcb
-
SHA512
8ae5f1a5ef5ce43690a18853f0f8f904046820217afec77bd5a34ed98ddd853c02e4aab4e3646deb4c09a7d7ac30d3f2ef833ec083d80341b73bee5390492222
-
SSDEEP
49152:pO57Ru66xaOMdk9yWk1xL7UgQoiypk9iwlUVZtp:pkg668XW2L4gQoiypCiVB
Malware Config
Targets
-
-
Target
47376df478753605027ba47072a31529d0e273554c149a1618a595fe057cfdcb
-
Size
1.9MB
-
MD5
8e15fccc9745d1989f5f53284fc39d09
-
SHA1
ebd351f39ac633ead4524e363cf5fc52dc7ed8a2
-
SHA256
47376df478753605027ba47072a31529d0e273554c149a1618a595fe057cfdcb
-
SHA512
8ae5f1a5ef5ce43690a18853f0f8f904046820217afec77bd5a34ed98ddd853c02e4aab4e3646deb4c09a7d7ac30d3f2ef833ec083d80341b73bee5390492222
-
SSDEEP
49152:pO57Ru66xaOMdk9yWk1xL7UgQoiypk9iwlUVZtp:pkg668XW2L4gQoiypCiVB
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-