Resubmissions

14-02-2023 14:36

230214-rywxmade4z 10

14-02-2023 14:31

230214-rvpzxadd9y 10

General

  • Target

    file.exe

  • Size

    3.0MB

  • Sample

    230214-rywxmade4z

  • MD5

    8f40dd44b9ec2fe88f8035fc1d5da5f6

  • SHA1

    58ba61f32e2f70e3d2d8eeecc96b9475e9737f59

  • SHA256

    71873b175fbc7631794d4168b22d171162169f2b96ad895317db4a9b6d6f625d

  • SHA512

    9572d7a40da4a8b40535010ca9ce321507b75ac5c4f97ce8f2d91203565eb4bd6ac32c1c4c213fd5f3630712f4614a04b44929be4909b6d6a91b6a0db438ee89

  • SSDEEP

    49152:rdHUsGgYzi5qn+M1CoJnluw1pIgfSB9b2rJIb8P9uYB2hiQCbJNNYmLLCgv2MR:JHUsK3l/nj+9C88A1i7JNNYYv2MR

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      file.exe

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks