General
-
Target
cc1ef9ccb23682bc69918cc245621e0c8626955b0145df4a21c08ddb99f2f6d4
-
Size
1.9MB
-
Sample
250127-hje6wswmcy
-
MD5
80ab764180c62f817f185e66a6d35a6c
-
SHA1
35437934909dd85566db53c5652064635655078c
-
SHA256
cc1ef9ccb23682bc69918cc245621e0c8626955b0145df4a21c08ddb99f2f6d4
-
SHA512
4d0234b9d7aab6f3c7eaccef64c5685434f7a480a1155ea6296bf5b207bda82f7b59910b524dcbe47882bb1c3a0d914849b6795506b392c1e72c9a35a6b75480
-
SSDEEP
49152:y3aBxOt35ZTDZ4uiJ1nqdT4s0FybX3cd1hzm:y3Qa35ZTDryYIFGss
Malware Config
Targets
-
-
Target
cc1ef9ccb23682bc69918cc245621e0c8626955b0145df4a21c08ddb99f2f6d4
-
Size
1.9MB
-
MD5
80ab764180c62f817f185e66a6d35a6c
-
SHA1
35437934909dd85566db53c5652064635655078c
-
SHA256
cc1ef9ccb23682bc69918cc245621e0c8626955b0145df4a21c08ddb99f2f6d4
-
SHA512
4d0234b9d7aab6f3c7eaccef64c5685434f7a480a1155ea6296bf5b207bda82f7b59910b524dcbe47882bb1c3a0d914849b6795506b392c1e72c9a35a6b75480
-
SSDEEP
49152:y3aBxOt35ZTDZ4uiJ1nqdT4s0FybX3cd1hzm:y3Qa35ZTDryYIFGss
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-