General

  • Target

    file.exe

  • Size

    1MB

  • Sample

    230125-mtzqhahd6w

  • MD5

    dc5a1fc5015c1d6f7559751fcc51da0b

  • SHA1

    4d1e641f1857df03c1debb14e818ae2a5a329f8f

  • SHA256

    cb857dfdd1d7bbec2b68b6e1a5317d8f12169acba56f281caf6f06d7ae6506d1

  • SHA512

    d29223475f7d8e04ea08af9942436604b5d42583c3b24afdec1add352c39cd9680a17371640fcd2f7b3aa3ebdf4b79d74d12b26916a290f208f04e0bc46e6806

  • SSDEEP

    24576:Z3QqaseyLaCmqJxoqtAQTazKxa7SOf7LnL42WCe6Cyrd+rOv7XNnbciEeLC15wvV:Zdr13e7ZDs2K6CyGOvpblEeLCgv2MR

Malware Config (extracted)

  • Family

    gcleaner

  • C2

    45.12.253.56
    45.12.253.72
    45.12.253.98
    45.12.253.75

Targets

    • Target

      file.exe


    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

    Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation