General

  • Target: file.exe
  • Size: 2.0MB
  • Sample: 230205-yhh46aea5x
  • MD5: f22715fd1bb472709e40d274f2b586a8
  • SHA1: efd0560c6d9f5cdd6a1950cd0a8102b0a13ac0b7
  • SHA256: adf23c0eed8c4e0a72e279f79d4e4679fb99d66dfc793427231b17029c26fb72
  • SHA512: 614e17b400c3516a064b6f51378477286370baafb0f79a5d9a81a53fbc08ec9558fba980f9a0cb65e60ece833e79f4c057208cf2cf0d3587bea860a7c8c140a2
  • SSDEEP: 49152:xaDk2H2iBKSAj5asnlvpPBaY2rR/daex177tYLCgv2MR:Q9HBnK5as5pP831175Qv2MR

Malware Config (extracted)

  • Family: gcleaner
  • C2:
      45.12.253.56
      45.12.253.72
      45.12.253.98
      45.12.253.75

Targets

  • Target: file.exe (2.0MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section)

  Signatures

    • GCleaner
      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6