General

  • Target: file.exe
  • Size: 3.0MB
  • Sample: 230215-mv42lsbd79
  • MD5: e407f8230fe326a690cd0c9bb99e5ce6
  • SHA1: 11d2eae087ed8259be1241fb77fc044808e79a0c
  • SHA256: 2a3ac68da589efd5eb4aef748520a13761342d4f68f6ff1b30b19a45fb6e02e7
  • SHA512: 28f1320b4a2026ce27461c947a9b664f5bf8aa7e29fb21f8607b2d4104776a9e9486724d0c204740842733b2b95a5e8799a542038bc9e59834713794b5763eeb
  • SSDEEP: 49152:rdHgvscjtM0cH/M5fErwz3YwnPd0phBizSyKagB1qInAK4LHynaoCL/zIyCNqNhK:JHAs7zacpc0pLVJJB1qRjkCogNsv2MR

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6