General

- Target: cf7ffe3a312f070e4f6d2f97028e6fe723d81988960666392dbca5dba2e8e5e2.exe
- Size: 4.4MB
- Sample: 250327-ksbwyazsgw
- MD5: e4cfeb2a2017ebbd01afdab0b5eed7db
- SHA1: 5973a49920d557480162a11eaffea8ff0fc00e98
- SHA256: cf7ffe3a312f070e4f6d2f97028e6fe723d81988960666392dbca5dba2e8e5e2
- SHA512: e081526dbccc6d3e439929aefb0a7da6cd5e0aac5caf8810d809048276b3456e4353e9f73bb44309ddc9eebdbb237fcc5c4fde40245ef893402b63e7885e3b0f
- SSDEEP: 98304:PyRT1EMZWqlcGRSzutUeEtd+GvLonOvEXy4BYcfgF4gCkb:qRxZLlXRSz+UBNQJi4pfgqgCkb
Static task

- static1

Behavioral task

- behavioral1
  - Sample: cf7ffe3a312f070e4f6d2f97028e6fe723d81988960666392dbca5dba2e8e5e2.exe
  - Resource: win7-20241010-en

Behavioral task

- behavioral2
  - Sample: cf7ffe3a312f070e4f6d2f97028e6fe723d81988960666392dbca5dba2e8e5e2.exe
  - Resource: win10v2004-20250314-en
Malware Config

Targets

- Target: cf7ffe3a312f070e4f6d2f97028e6fe723d81988960666392dbca5dba2e8e5e2.exe
- Score: 10/10
Signatures

- Gcleaner family
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext