General

Target: SecuriteInfo.com.Win32.Evo-gen.11987.12492.exe
Size: 4.1MB
Sample: 250210-lp32paxrfz
MD5: 9be0995781ad8571cf04d56205dfe9cf
SHA1: 55d0d08c91d3379c19ee82408a9e6c4940c4eab7
SHA256: 7d38d224cc842dcfd817854fcc19e85749aedf0dbf9000493cf5ab8b2406b581
SHA512: c5c3ab30ab1fb7c2dec56d8033fd20076bfd32bb62e882c773b7f436a01592f1b00fa704a486d4768320f038f8ad5cc4236fd266ccfbc48dfad97747b2eb6597
SSDEEP: 98304:DI40wOeHPyfqn0ottV6xWnkodxQPyX4l5+y+nsr37o/fOX:DI40Seqn0oTWWnBx8bMsrLo/m
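Before trusting this report's signatures for a file on disk, confirm the file is the same sample by recomputing every listed digest and comparing it with the values above. The following is an added example (not part of the original report and not tooling from the sandbox vendor): it streams the file once through all four hash algorithms and reports per-algorithm agreement with the report's hashes. The `hash_bytes` helper exists only so the logic can be exercised on an in-memory byte string.

```python
import hashlib
import io

# Digests the report lists for this sample (copied from the General section above).
REPORT_HASHES = {
    "md5": "9be0995781ad8571cf04d56205dfe9cf",
    "sha1": "55d0d08c91d3379c19ee82408a9e6c4940c4eab7",
    "sha256": "7d38d224cc842dcfd817854fcc19e85749aedf0dbf9000493cf5ab8b2406b581",
    "sha512": "c5c3ab30ab1fb7c2dec56d8033fd20076bfd32bb62e882c773b7f436a01592f1"
              "b00fa704a486d4768320f038f8ad5cc4236fd266ccfbc48dfad97747b2eb6597",
}


def hash_stream(fh, algorithms=("md5", "sha1", "sha256", "sha512"), chunk_size=1 << 20):
    """Compute every requested digest in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, **kwargs):
    """Same as hash_stream, for an in-memory byte string (used for testing)."""
    return hash_stream(io.BytesIO(data), **kwargs)


def hash_file(path, **kwargs):
    with open(path, "rb") as fh:
        return hash_stream(fh, **kwargs)


def verify(actual, expected):
    """Return {algorithm: bool} comparing computed digests with expected hex values.

    Comparison is case-insensitive because reports and feeds differ in hex casing.
    """
    return {name: actual.get(name, "").lower() == digest.lower()
            for name, digest in expected.items()}


def matches_report(actual, expected=REPORT_HASHES):
    """True only when every digest the report lists agrees with the computed one."""
    return all(verify(actual, expected).values())


if __name__ == "__main__":
    import sys
    digests = hash_file(sys.argv[1])
    for name, ok in verify(digests, REPORT_HASHES).items():
        print(f"{name:7s} {'OK' if ok else 'MISMATCH'}  {digests[name]}")
    sys.exit(0 if matches_report(digests) else 1)
```

Run it as `python verify_sample.py <file>`; a non-zero exit means at least one digest differs, in which case the behaviour below was observed for a different file than the one you hold.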
Static task: static1
Behavioral task: behavioral1 (sample SecuriteInfo.com.Win32.Evo-gen.11987.12492.exe, resource win7-20250207-en)
Behavioral task: behavioral2 (sample SecuriteInfo.com.Win32.Evo-gen.11987.12492.exe, resource win10v2004-20250207-en)
Malware Config

Extracted
Family: gcleaner
Address: 185.156.73.73
Targets

Target: SecuriteInfo.com.Win32.Evo-gen.11987.12492.exe
Size: 4.1MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General above.
Score: 10/10

- Gcleaner family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry. BIOS information is often read in order to detect sandboxing environments, although legitimate installers and hardware inventory tools read the same keys, so this signature is weak on its own.
- Identifies Wine through registry keys. Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: the calling thread stops delivering debug events to an attached debugger)
- Suspicious use of SetThreadContext (rewriting another thread's registers; commonly seen in process hollowing and thread hijacking, though the report does not state which here)
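To turn the anti-analysis signatures above into something you can run against your own sandbox output, the following added example (not part of the original report, and not the sandbox vendor's signature engine) classifies a trace of registry reads and API calls into the same signature names the report uses. The registry paths are the ones commonly probed for VirtualBox ACPI tables, BIOS strings and Wine; the trace itself is constructed for the example, and the event tuple format is an assumption rather than any real sandbox's export format.

```python
import re
from collections import defaultdict

# Constructed trace, not taken from the report: (kind, value, detail).
# kind "reg" is a registry key/value read; kind "api" is a resolved API call.
SAMPLE_EVENTS = [
    ("reg", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__", None),
    ("reg", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion", None),
    ("reg", r"HKLM\HARDWARE\DESCRIPTION\System\VideoBiosVersion", None),
    ("reg", r"HKCU\Software\Wine", None),
    ("reg", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName", None),  # benign
    ("api", "NtSetInformationThread", {"ThreadInformationClass": 0x11}),
    ("api", "SetThreadContext", {}),
    ("api", "RegOpenKeyExW", {}),  # benign on its own
]

# THREADINFOCLASS value for ThreadHideFromDebugger.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry-based signatures, keyed by the name the report uses.
REGISTRY_RULES = {
    "Identifies VirtualBox via ACPI registry values": re.compile(
        r"^HKLM\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
    "Checks BIOS information in registry": re.compile(
        r"^HKLM\\HARDWARE\\DESCRIPTION\\System\\"
        r"(SystemBiosVersion|VideoBiosVersion|SystemBiosDate)$", re.I),
    "Identifies Wine through registry keys": re.compile(
        r"^HK(LM|CU)\\Software\\Wine(\\|$)", re.I),
}


def classify(events):
    """Map each triggered signature name to the trace entries that triggered it."""
    hits = defaultdict(list)
    for kind, value, detail in events:
        if kind == "reg":
            for name, pattern in REGISTRY_RULES.items():
                if pattern.search(value):
                    hits[name].append(value)
        elif kind == "api":
            detail = detail or {}
            # Only the HideFromDebugger information class is suspicious;
            # NtSetInformationThread is called legitimately for other classes.
            if (value == "NtSetInformationThread"
                    and detail.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
                hits["Suspicious use of NtSetInformationThreadHideFromDebugger"].append(value)
            elif value in ("SetThreadContext", "NtSetContextThread"):
                hits["Suspicious use of SetThreadContext"].append(value)
    return dict(hits)


def triggered(events):
    """Sorted list of signature names fired by the trace."""
    return sorted(classify(events))


if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The BIOS rule matches only the named values under HKLM\HARDWARE\DESCRIPTION\System; reading them is not malicious by itself, which is why a score like the 10/10 above rests on the combination of signatures and the extracted gcleaner configuration rather than any single registry read.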