General

  • Target

    eeae06fd1bf4581cc65c8348d9a3d702.bin

  • Size

    2.7MB

  • Sample

    230215-ccapyaha9x

  • MD5

    b898c029ac1fcf50e77fb183145a2105

  • SHA1

    5a6d1628b2612bda4b659b0d917b76f921954769

  • SHA256

    be03c426b1b379aa57bcdb8ecfdffb446b32cdfce2d84a71d67c008ffbf5875b

  • SHA512

    1b7476fbb14a3aad92693620e9ceb4cb9b68456865939c3677fe34badcacfad9044bcffeda1072f031353215d14066f15020fc11eb24834b4e5049a4649c6b71

  • SSDEEP

    49152:OXgyIVDFwNL/eIfTfC1UDxUl+8k0KKjXUsNnSV1KC/JyiY21C6rInehusre:cgLFoFfT61AuEKjXU6C/FBzkie

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      d66cdab94fb0231de6ddd6201c606115b2fa8174cc9f25816aabcb3347acc398.exe

    • Size

      3.0MB

    • MD5

      eeae06fd1bf4581cc65c8348d9a3d702

    • SHA1

      1c00733dbeae30efde5a4b25cd54106d47a79516

    • SHA256

      d66cdab94fb0231de6ddd6201c606115b2fa8174cc9f25816aabcb3347acc398

    • SHA512

      0ec2256a715dc700c2ecacbc3032553a67016dad811b228a0e7117c283d12c48cac321e3f3185be01074480bb98f9d9dfbd36f9c331a95d9b4c86d6eae543cef

    • SSDEEP

      49152:rdHCizbDh42bSN+ITY2KU5N0SNCtXcFtSTc5E7iCsPJSLpyRLCgv2MR:JHCeXh4nI2KQSRXcFQTcvZx009v2MR

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
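The file hashes in the General and Targets sections and the C2 addresses under Malware Config are the indicators an analyst takes away from this report. The Python below is an added example, not part of the sandbox report and not GCleaner's own code: it copies those indicators verbatim and checks a file's digests and a few firewall log lines against them. The log line format, the internal source addresses and the non-C2 destination addresses in the sample lines are constructed for the illustration; only the hashes and the four C2 addresses come from the report.

```python
"""Offline IOC matcher for the hashes and C2 addresses in this report.

Added example, not code from the sandbox report or from GCleaner.
The sample log lines below are constructed; the indicators are copied
from the report as published.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Tuple

# Labels for the two files the report describes.
BIN_LABEL = "eeae06fd1bf4581cc65c8348d9a3d702.bin"
EXE_LABEL = "d66cdab94fb0231de6ddd6201c606115b2fa8174cc9f25816aabcb3347acc398.exe"

# Hashes as listed in the report: algorithm -> lowercase hex digest -> file label.
KNOWN_HASHES: Dict[str, Dict[str, str]] = {
    "md5": {
        "b898c029ac1fcf50e77fb183145a2105": BIN_LABEL,
        "eeae06fd1bf4581cc65c8348d9a3d702": EXE_LABEL,
    },
    "sha1": {
        "5a6d1628b2612bda4b659b0d917b76f921954769": BIN_LABEL,
        "1c00733dbeae30efde5a4b25cd54106d47a79516": EXE_LABEL,
    },
    "sha256": {
        "be03c426b1b379aa57bcdb8ecfdffb446b32cdfce2d84a71d67c008ffbf5875b": BIN_LABEL,
        "d66cdab94fb0231de6ddd6201c606115b2fa8174cc9f25816aabcb3347acc398": EXE_LABEL,
    },
}

# C2 addresses extracted by the sandbox (Malware Config section).
C2_ADDRESSES = {"45.12.253.56", "45.12.253.72", "45.12.253.98", "45.12.253.75"}

# A dotted quad that is not embedded in a longer dotted/digit run, so that
# e.g. 145.12.253.98 is not reported as a hit on 45.12.253.98.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed firewall log lines (not from the report) used for the demo.
SAMPLE_LOG = [
    "2023-02-15T10:31:02Z fw allow src=10.0.0.23 dst=45.12.253.56 dport=80 proto=tcp",
    "2023-02-15T10:31:03Z fw allow src=10.0.0.23 dst=203.0.113.7 dport=443 proto=tcp",
    "2023-02-15T10:31:07Z fw deny src=10.0.0.41 dst=45.12.253.75 dport=80 proto=tcp",
    "2023-02-15T10:31:09Z fw allow src=10.0.0.23 dst=145.12.253.98 dport=80 proto=tcp",
]


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return lowercase hex digests of data for every algorithm in KNOWN_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def match_digests(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Compare precomputed digests (e.g. from a file inventory) against the report.

    Returns sorted (algorithm, file label) pairs for every exact hit."""
    hits = []
    for algo, digest in digests.items():
        label = KNOWN_HASHES.get(algo, {}).get(digest.lower())
        if label:
            hits.append((algo, label))
    return sorted(hits)


def check_bytes(data: bytes) -> List[Tuple[str, str]]:
    """Hash raw file contents and match them against the report's hashes."""
    return match_digests(hash_bytes(data))


def scan_log_line(line: str) -> List[str]:
    """Return the report's C2 addresses that appear as whole IPv4 tokens in line."""
    return sorted(ip for ip in set(IPV4_RE.findall(line)) if ip in C2_ADDRESSES)


def scan_log(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (1-based line number, C2 address) for every C2 hit in the log."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for ip in scan_log_line(line):
            hits.append((lineno, ip))
    return hits


if __name__ == "__main__":
    for lineno, ip in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: contact with GCleaner C2 {ip}")
    print("hash hits for a non-sample buffer:", check_bytes(b"not the sample"))
```

Hash matching is exact, so a repacked build of the same loader will not hit; the SSDEEP values in the report are the fuzzy-hash fallback for that case and need a separate library, which this example does not use. Because the address pattern requires a whole dotted quad, 145.12.253.98 in the constructed log is correctly not reported as a hit on 45.12.253.98.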

MITRE ATT&CK Enterprise v6

Tasks