General

  • Target

    file.exe

  • Size

    2.9MB

  • Sample

    230310-k82sasec2s

  • MD5

    20937cee5e94b5848b1f1c845b5a6961

  • SHA1

    8046f6136a62bd05b9cf2c443d0be3ab14e7c8e2

  • SHA256

    49e393dd8488e547422062ebb1d6f81a0e25597b91961227c38756f0f36f189f

  • SHA512

    199f78bfca7fdf848e13873deeb8026ac3e2eeb77bf6d3b52393e787932942d649c92de4fcdeb9d0890c55f175735faa4416c4c00cc5b9014d4df62de5ded37a

  • SSDEEP

    49152:AGo4EIlCeDcoJHLo//us+DSaSZgc3jQ8F0EMEUICKZ0f9F5u++QVqZXN7ksRnPXL:do4j3q/f+DXNcc822zL08gUxOKz

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks