General

  • Target

    354895bd5079cc205b265799b71ec05c.bin

  • Size

    210KB

  • Sample

    230313-lmx3nahf75

  • MD5

    16816fe77b2785ed9a6264081352d195

  • SHA1

    e040c51563d497a5ed2498fce14821f098bf602b

  • SHA256

    d2a5f74ee96363121ed7658717f3118e35e4cc013168f0ecb24e6b5dfb2d3246

  • SHA512

    adcfff4caa9ce1744e273c18d0aba50dc91cfb976321c17c916e6075d3c6ea1c84d748250c7a895daf8aff102258bcc2fbfec6f5a1ed2406f949fe9ed267a9eb

  • SSDEEP

    6144:X2DvJIlcJdNBFQ0Q8QKR7pOyC73KK2wzGd:XgvJIEZQ0Q8LbC7Q2Gd

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      485cadde1de44b50c205f7019b7f63222af1e779b9a14b9363bd811d6933f80c.exe

    • Size

      276KB

    • MD5

      354895bd5079cc205b265799b71ec05c

    • SHA1

      1016ac93fad8d1706255e96f7807c1950bd3d78c

    • SHA256

      485cadde1de44b50c205f7019b7f63222af1e779b9a14b9363bd811d6933f80c

    • SHA512

      792fd2aa10633cb5b59ae51b2e124d9e2765f1d830b9f785666ef09683380e765b299fb528d319662dedcc0503914a95e5a30a128c021f20bb3498c047395b8f

    • SSDEEP

      3072:qmEFfQzn7IRveaMP7osVhZTTqadpBtrWAbTJhzoxM7viqOUAX6xJ9n+T6:UFYznoeaMZXbSAp8pz+

    Score
    10/10

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry: T1012 (1)

    System Information Discovery: T1082 (2)
