General

  • Target

    TechSmith-Camtasia-v_oBi6VyVU.zip

  • Size

    12.7MB

  • Sample

    230216-w6smdsag51

  • MD5

    24facf04f7ea3755276fb60a5fcc4448

  • SHA1

    a0a45d902e24318995b775247c036082bd0cbd0e

  • SHA256

    3827d07291d5a4a31970fbb2253733cf73338296285df5298e252dc5d8e6cea9

  • SHA512

    eb5be2e8b92a2fabbf91f318320eeaf9a7056464494f6c3ef1501e1715d8823abccd9af5bc9fb53ea33764a04cd2febd89a60288d4e93f08afb2fec5a3d86c92

  • SSDEEP

    196608:pKM5aUpAI6rSLKSu9gqUd09yHwP9Up9++lNM8wb9+A5WwWulWOnQfLvsAgWwGF7z:gWP8eBuCHI9p+l9wxTWjgQfQAgW9bj

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.51

45.12.253.92

45.12.253.89

45.12.253.55

Targets

    • Target

      .............exe

    • Size

      5.8MB

    • MD5

      288d7d66024b6562feeb4d6baed41849

    • SHA1

      cb9efb823a462d1afc8057839fecd224d661102a

    • SHA256

      7dfffd124e41f73e266f806951457060dfff9950caca0fcd1c542ff5e9a21e34

    • SHA512

      1793b4c153f4277d65cf99b2758c586f4a59234760916280deab35ae69bd48b3584ba76474243ac67efb98c052b4e9a184c16b93b10ea92292eac46224cf334a

    • SSDEEP

      98304:LX44Xe8aIUM7LhfXMObVARKlsZjLusEBHYCzg1OnW/T+1zS2owMVMowF:7VXeNIUuWObuRKIu5Y0CozSnw7bF

    • Score

      7/10

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      TechSmith-Camtasia-v_oBi6VyVU.exe

    • Size

      7.3MB

    • MD5

      d8f10de140ca033bb2499d2e6f29309a

    • SHA1

      33e9b4f590e3c678a09a761fa5d79fb8b83731f1

    • SHA256

      2c6a8b94435ca52957e7f8e593a09e0ca3728afb7ddc22b492f9125dc7fe1cdb

    • SHA512

      cc593d0498675686685af22aa66cf40ca6827a37088f40e9c4a1b04efb03dd42ab0da94d92c4ff55aef411cb803f89d43738249eea163ac485160c4b4d42aff6

    • SSDEEP

      196608:RBMM/xjW8AhD+ox+AEelOAFyjt1CiomiPzSs8R:s+xxAlH+bUyjeio/Z0

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks