General

  • Target

    zip.zip

  • Size

    196B

  • Sample

    230312-w3f47aeh48

  • MD5

    b646eb6b1134ad5b8a54c965c37cc22e

  • SHA1

    c7c73343d465602141832eb1d1409ac9e326028c

  • SHA256

    8b51f70a2b42e40f6bc935c049bc37829b0636b8f1942cf84f5db522cb6a8793

  • SHA512

    eb28d7c30b025dea87f1dfb2f8d2ec7c8027975bf76f6530d14ab9ae0809d4379a9b46195c39c0963688fd8d7dcafc38b7b38cf21467d733b70c1f25190ab66f

Malware Config

Extracted

Family

gcleaner

C2

85.31.45.39

85.31.45.250

85.31.45.251

85.31.45.88

Targets

    • Target

      zip.zip

    • Size

      196B

    • MD5

      b646eb6b1134ad5b8a54c965c37cc22e

    • SHA1

      c7c73343d465602141832eb1d1409ac9e326028c

    • SHA256

      8b51f70a2b42e40f6bc935c049bc37829b0636b8f1942cf84f5db522cb6a8793

    • SHA512

      eb28d7c30b025dea87f1dfb2f8d2ec7c8027975bf76f6530d14ab9ae0809d4379a9b46195c39c0963688fd8d7dcafc38b7b38cf21467d733b70c1f25190ab66f

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks