General
-
Target
f015832f63fc14131c401ab786f243cfc9a543fdd734c8710c61e664886f565c.exe
-
Size
4.0MB
-
Sample
250215-fpd5nsvqfx
-
MD5
af45a01ade3bb0ef3153027f354e87b1
-
SHA1
00331ec4c42ef142081153dea3d1f3fc87abf810
-
SHA256
f015832f63fc14131c401ab786f243cfc9a543fdd734c8710c61e664886f565c
-
SHA512
e59d6924a0b5cce58f342eeeceeaea0bfd1c86b28a28dcb8a8772b7b57ae87eded6cdc8c971047b4eca3d5a46fbf9b5f25e69e4470f926dd5421bd5c37663580
-
SSDEEP
98304:fDYFL6B71dMjET/zI00XqK5HJ0ZnlxyFKSAxcpqvDMYB+Q:fDYomEnIwKoSAxJ3Bl
Malware Config
Extracted
gcleaner
185.156.73.73
Targets
-
-
Target
f015832f63fc14131c401ab786f243cfc9a543fdd734c8710c61e664886f565c.exe
-
Size
4.0MB
-
MD5
af45a01ade3bb0ef3153027f354e87b1
-
SHA1
00331ec4c42ef142081153dea3d1f3fc87abf810
-
SHA256
f015832f63fc14131c401ab786f243cfc9a543fdd734c8710c61e664886f565c
-
SHA512
e59d6924a0b5cce58f342eeeceeaea0bfd1c86b28a28dcb8a8772b7b57ae87eded6cdc8c971047b4eca3d5a46fbf9b5f25e69e4470f926dd5421bd5c37663580
-
SSDEEP
98304:fDYFL6B71dMjET/zI00XqK5HJ0ZnlxyFKSAxcpqvDMYB+Q:fDYomEnIwKoSAxJ3Bl
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-