General

  • Target

    5441daca0d28d6eda01b210bf0ea6f4d.bin

  • Size

    1.9MB

  • Sample

    230206-kxgb8ach82

  • MD5

    47ba4fd685978f899b0e3a968480db08

  • SHA1

    dc057fc2b08f092d0b6add789c6c398b5f5ea018

  • SHA256

    d9a64acee3b95a7f18dbe7e573d4c7f628b0c88550f50cec7bf4db2b2cef7905

  • SHA512

    327ff3134a685f433425f4772b650ba348812b612e4661562ceb581445ac2fb6925575290b7c9bd6df452b4f72385496645546cf4dd67cb89840c84fc082ce23

  • SSDEEP

    49152:BuBhKZv6zxXQdiIAwwDVfJvzIURDlLl5lk2s1X:BuxVAdiIAwwpJ7I2Llkx

Malware Config

  • Extracted

    • Family

      gcleaner

    • C2

      45.12.253.56

      45.12.253.72

      45.12.253.98

      45.12.253.75

Targets

    • Target

      8fd252a96657e5cc2cf702778aa5e4b2385a3f0d10f342a41caa2ed335ca5fc4.exe

    • Size

      2.2MB

    • MD5

      5441daca0d28d6eda01b210bf0ea6f4d

    • SHA1

      b51dfeaccf362d94f560e99183c98914fe8b7a3e

    • SHA256

      8fd252a96657e5cc2cf702778aa5e4b2385a3f0d10f342a41caa2ed335ca5fc4

    • SHA512

      31eb22b762535e3c86ca7e1e40746b5a12d6b15eb8a77ee72e3ca9368e70413ab04038a26364f92b5bb131dd3306cd37c51781c19161e89b1505f80f4e3bc372

    • SSDEEP

      49152:d3ZLVuye5cdCIfP1aaOpQ/BDaFSX+yRPwB4e0LEsLCgv2MR:XLVuyIcdCU9aaOpQJDo4e0LLv2MR

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks