General
- Target: e5f085901342aae6c0cc57ffef257027367fcfd306bc8130caf9899031e625ce
- Size: 4.0MB
- Sample: 250222-kl88vstq19
- MD5: 9e17cfaca21dbfa6468533a2e3240d63
- SHA1: ca0294f682135f5d22ab1856c1a80dd084ebbcb4
- SHA256: e5f085901342aae6c0cc57ffef257027367fcfd306bc8130caf9899031e625ce
- SHA512: 8d3ca870445a98f19b896b9b0cd89be4aa2f9812d0c6656981d9b0dcc1b4031e78f1dadd48bfdae41e3a446421414791cbb8584164426fd401c8adff389a22e1
- SSDEEP: 98304:s6BxHpylrSVzDZYBh3acuwo+xaj4/Uz4YRWUjaFKQAoj:s6BxgloGBh3po+xaaU0DKQZ
Static task: static1
Behavioral task: behavioral1, sample e5f085901342aae6c0cc57ffef257027367fcfd306bc8130caf9899031e625ce.exe, resource win7-20240903-en
Behavioral task: behavioral2, sample e5f085901342aae6c0cc57ffef257027367fcfd306bc8130caf9899031e625ce.exe, resource win10v2004-20250217-en
Malware Config
Extracted configuration
- Family: gcleaner
- C2: 185.156.73.73
Targets
- Target: e5f085901342aae6c0cc57ffef257027367fcfd306bc8130caf9899031e625ce (4.0MB; hashes as listed under General)
Score: 10/10
- Gcleaner family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox guests expose ACPI tables (DSDT, FADT, RSDT) whose OEM ID is VBOX__; looking those entries up under HKLM\HARDWARE\ACPI is a common virtual-machine check.
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
  Setting the ThreadHideFromDebugger information class on a thread stops a debugger from receiving events for it; this is an anti-debugging technique.
- Suspicious use of SetThreadContext
  Rewriting another thread's register context is a common step in process hollowing and thread-hijacking injection.
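The signatures above are each backed by a concrete artifact: a registry path, an information-class value, or a file header. The following is an added example, not part of the sandbox report and not Tria.ge's own signature engine, showing how a minimal matcher could raise the same verdicts from an API trace. The trace events, the rule list, and the function names (`match_signatures`, `looks_like_pe`, `fake_pe`) are constructed for illustration; the registry paths and the ThreadHideFromDebugger value (0x11) are the real ones.

```python
"""
Minimal behavioural-signature matcher modelled on the sandbox verdicts above.
Added illustration only; the trace below is constructed to resemble what a
sandbox records for a sample like this one, it is not the real report data.
"""
import re
import struct

# THREADINFOCLASS value for ThreadHideFromDebugger. A thread set to this class
# no longer delivers debug events, so an attached debugger silently loses it.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Each rule: (signature name, API the event must come from, regex over the
# event's argument string). Names mirror the report's signature titles.
RULES = [
    ("Identifies VirtualBox via ACPI registry values (likely anti-VM)",
     "RegOpenKeyExW",
     re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I)),
    ("Checks BIOS information in registry",
     "RegQueryValueExW",
     re.compile(r"HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion)", re.I)),
    ("Identifies Wine through registry keys",
     "RegOpenKeyExW",
     re.compile(r"^HK(CU|LM)\\Software\\Wine$", re.I)),
    # Heuristic: a DLL loaded from %TEMP%. A real sandbox correlates this with
    # an earlier file-write by the sample rather than trusting the path alone.
    ("Loads dropped DLL",
     "LoadLibraryW",
     re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.dll$", re.I)),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger",
     "NtSetInformationThread",
     re.compile(r"ThreadInformationClass=0x%x\b" % THREAD_HIDE_FROM_DEBUGGER, re.I)),
    ("Suspicious use of SetThreadContext",
     "SetThreadContext",
     re.compile(r".*")),
]

# Constructed API trace: (api name, argument string) pairs.
TRACE = [
    ("RegOpenKeyExW", r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"),
    ("RegQueryValueExW", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    ("RegOpenKeyExW", r"HKCU\Software\Wine"),
    ("InternetReadFile", "bytes=4096"),
    ("NtSetInformationThread", "ThreadInformationClass=0x11"),
    ("SetThreadContext", "hThread=0x1a4"),
    ("LoadLibraryW", r"C:\Users\Admin\AppData\Local\Temp\dropped.dll"),
]


def match_signatures(trace):
    """Return the names of every rule matched by at least one event, in rule order."""
    hits = []
    for name, api, pattern in RULES:
        if any(ev_api == api and pattern.search(ev_args) for ev_api, ev_args in trace):
            hits.append(name)
    return hits


def looks_like_pe(data):
    """The check behind 'Downloads MZ/PE file': DOS 'MZ' header plus a 'PE\\0\\0'
    signature at the offset stored in e_lfanew (offset 0x3C)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def fake_pe():
    """Constructed minimal buffer that passes the header check (not a real binary)."""
    buf = bytearray(0x100)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    return bytes(buf)


if __name__ == "__main__":
    for name in match_signatures(TRACE):
        print("[+]", name)
    print("downloaded body is PE:", looks_like_pe(fake_pe()))
    print("HTML body is PE:", looks_like_pe(b"<html><body>404</body></html>"))
```

The matcher only names signatures; it deliberately assigns no score, because the 10/10 verdict above comes from the family identification (the extracted gcleaner configuration), not from the anti-analysis checks on their own.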