Overview

overview

10

Static

static

Cleaner.exe

windows7_x64

10

Cleaner.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Cleaner.exe

  • Size

    9.5MB

  • Sample

    220421-xg6ndsbfgj

  • MD5

    de0a45f6e7993c747a07a94ed53d4313

  • SHA1

    cd89acfbdaeaee3bd25eb1f1fcb5faf8952bbda6

  • SHA256

    7be60e10a3b50a56a3313861c4d55fe36dcf538a890fe713655cf71ba3bd8207

  • SHA512

    268d08a4b6ae243d26fc165e92b998735cbac9a1100ed1aa69fe3c187e50e4ba60cd68764507c164d613ea772da48a18be19b61610116b118c1234b39882f126

Score
10/10
discoveryevasionexploit

Malware Config

Targets

    • Target

      Cleaner.exe

    • Size

      9.5MB

    • MD5

      de0a45f6e7993c747a07a94ed53d4313

    • SHA1

      cd89acfbdaeaee3bd25eb1f1fcb5faf8952bbda6

    • SHA256

      7be60e10a3b50a56a3313861c4d55fe36dcf538a890fe713655cf71ba3bd8207

    • SHA512

      268d08a4b6ae243d26fc165e92b998735cbac9a1100ed1aa69fe3c187e50e4ba60cd68764507c164d613ea772da48a18be19b61610116b118c1234b39882f126

    Score
    10/10
    discoveryevasionexploit

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Possible privilege escalation attempt

      exploit

    • Stops running service(s)

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Modify Existing Service

1
T1031

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Impair Defenses

1
T1562

File Permissions Modification

1
T1222

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Tasks