General
-
Target
dbfc0265fc606666bbaf8f19039c4379d9162b8e054f027d92cc5fc37ae24014.exe
-
Size
4.5MB
-
Sample
250327-pfwg2a1yd1
-
MD5
b8da2f55ca578f647135dd07ea121fca
-
SHA1
01daf1ccd90745fb6e6dc77fbb18adf87779573c
-
SHA256
dbfc0265fc606666bbaf8f19039c4379d9162b8e054f027d92cc5fc37ae24014
-
SHA512
3a336ad990b3b14157199321c7ad980d06a412005a7fcdd1cf4fcece48fbefbf0ae845c384678f290b53b619ecd1587070359fbf010248c2f9907e2bb1422605
-
SSDEEP
98304:/NF/JNYIJfSZXTluNtdkoiwiioPme/dgSXkzL1dDLp:/0IMzQ/M7i4mSUv1NL
Malware Config
Extracted
gcleaner
185.156.73.73
Targets
-
-
Target
dbfc0265fc606666bbaf8f19039c4379d9162b8e054f027d92cc5fc37ae24014.exe
-
Size
4.5MB
-
MD5
b8da2f55ca578f647135dd07ea121fca
-
SHA1
01daf1ccd90745fb6e6dc77fbb18adf87779573c
-
SHA256
dbfc0265fc606666bbaf8f19039c4379d9162b8e054f027d92cc5fc37ae24014
-
SHA512
3a336ad990b3b14157199321c7ad980d06a412005a7fcdd1cf4fcece48fbefbf0ae845c384678f290b53b619ecd1587070359fbf010248c2f9907e2bb1422605
-
SSDEEP
98304:/NF/JNYIJfSZXTluNtdkoiwiioPme/dgSXkzL1dDLp:/0IMzQ/M7i4mSUv1NL
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-