Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    2.5MB

  • Sample

    230210-v3pwnacd4s

  • MD5

    b46f3353de5a7cffc0d8691996a75365

  • SHA1

    285a5feac9e8de3ffa3cd43e58b394a5890adcdd

  • SHA256

    8358cd902e70dc3b1d350e98bc0cc1d1e1d23dc35441226194c594a6c435d982

  • SHA512

    1f0c91b2ce4b7cc8e7832b00386a307c828226e98ebe2d83d42b976a8e64042706e993c2540d7171be320bd52dc62b91f1c016f47e00718efa6454f3ff337319

  • SSDEEP

    49152:rdHmyf7f1JadMp3yMsvtFKRE8IZlXYuzulCXVe4oF114yzMoEVGhzKPRLCgv2MR:JHDGMp3AviRE8Qz6UVe4ov14yzWGa9vV

Score
10/10
gcleanerdiscoveryloader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      file.exe

    • Size

      2.5MB

    • MD5

      b46f3353de5a7cffc0d8691996a75365

    • SHA1

      285a5feac9e8de3ffa3cd43e58b394a5890adcdd

    • SHA256

      8358cd902e70dc3b1d350e98bc0cc1d1e1d23dc35441226194c594a6c435d982

    • SHA512

      1f0c91b2ce4b7cc8e7832b00386a307c828226e98ebe2d83d42b976a8e64042706e993c2540d7171be320bd52dc62b91f1c016f47e00718efa6454f3ff337319

    • SSDEEP

      49152:rdHmyf7f1JadMp3yMsvtFKRE8IZlXYuzulCXVe4oF114yzMoEVGhzKPRLCgv2MR:JHDGMp3AviRE8Qz6UVe4ov14yzWGa9vV

    Score
    10/10
    gcleanerdiscoveryloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks