General
-
Target
e9f3259c65410aeaf495ff2955029ed6.exe
-
Size
3.8MB
-
Sample
250226-xn9zdsyzgv
-
MD5
e9f3259c65410aeaf495ff2955029ed6
-
SHA1
e19cb0381709b796dcd6ca64ee3e5ef38fd0216d
-
SHA256
442d7774797f498ef0afefda6a6f4482fc61dab1950cad7158e79569f5a3d063
-
SHA512
dae85ddeaa83bc100117f1b6cea1a06094d613544ad0f2bd39ebd50f4850190262f3708596eafd1ddc429f58ce37a70269b737504c587823966226feae3e50ee
-
SSDEEP
98304:/euWR/qF4xZTMRW2OkGNFygVrZ9OWNKR:GuWB4WFbZ9OWNK
Malware Config
Extracted
gcleaner
185.156.73.73
Targets
-
-
Target
e9f3259c65410aeaf495ff2955029ed6.exe
-
Size
3.8MB
-
MD5
e9f3259c65410aeaf495ff2955029ed6
-
SHA1
e19cb0381709b796dcd6ca64ee3e5ef38fd0216d
-
SHA256
442d7774797f498ef0afefda6a6f4482fc61dab1950cad7158e79569f5a3d063
-
SHA512
dae85ddeaa83bc100117f1b6cea1a06094d613544ad0f2bd39ebd50f4850190262f3708596eafd1ddc429f58ce37a70269b737504c587823966226feae3e50ee
-
SSDEEP
98304:/euWR/qF4xZTMRW2OkGNFygVrZ9OWNKR:GuWB4WFbZ9OWNK
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-