General
Target: random.exe
Size: 4.3MB
Sample: 250327-r9ahrstvbt
MD5: 963a03c861940396943babbeb18b9a0a
SHA1: c727eb82edb57d3148e1a0c3bb0d5680ee82fae5
SHA256: 2969b6de959aa9ba346aac7784ac87c787b651dad3f25e7608cfc9d346b30509
SHA512: 31a0809298c292fc97eec28a3f1b9beba8250708adb3036502503575fa77f3f5e4a651a42f159184e8e7566c13831aa8eb2e9b855b954c15316bdb3346a98a9a
SSDEEP: 98304:TBpHMYm8FZ/VPPQJdhmqnSTKCdPzjFenKYcPZbdFE:TBpsYTgmqSeCdP1eKYcPVd
Static task: static1
Behavioral task: behavioral1
  Sample: random.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: random.exe
  Resource: win10v2004-20250314-en
Malware Config
Targets
Target: random.exe
Size: 4.3MB
MD5: 963a03c861940396943babbeb18b9a0a
SHA1: c727eb82edb57d3148e1a0c3bb0d5680ee82fae5
SHA256: 2969b6de959aa9ba346aac7784ac87c787b651dad3f25e7608cfc9d346b30509
SHA512: 31a0809298c292fc97eec28a3f1b9beba8250708adb3036502503575fa77f3f5e4a651a42f159184e8e7566c13831aa8eb2e9b855b954c15316bdb3346a98a9a
SSDEEP: 98304:TBpHMYm8FZ/VPPQJdhmqnSTKCdPzjFenKYcPZbdFE:TBpsYTgmqSeCdP1eKYcPVd
Score: 10/10
Signatures
Gcleaner family
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
Executes dropped EXE
Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
Loads dropped DLL
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext