Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    2.5MB

  • Sample

    230317-mc4ccshg2w

  • MD5

    d05ef81ac5b06b66781eaea972cb2f47

  • SHA1

    c2f706da55db84c9be7a9ea8a6bd6a7fcc38821f

  • SHA256

    665687b64c26cd4019dd0e43415dd4978c2ed59c7c897462f3cd64c4920e380b

  • SHA512

    44eab9c8a257ed716e39e47e8a556a60aa246fef5790533915406a6e6f959b9dc832e47fd5e0a83cb98d503044ae69030fbb66760f8f05514ed684f9c647a2d3

  • SSDEEP

    49152:EGlJfsRCVMPPVMVY8Mkac1f9/WCxUyE2J5Gpn7DhyMMG999TaP5bZ2Rozh5dlLYp:5vgX8MX6BH+GjG5nhyPG9TTaP5bkWPYp

Score
10/10
gcleanerdiscoveryloader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      file.exe

    • Size

      2.5MB

    • MD5

      d05ef81ac5b06b66781eaea972cb2f47

    • SHA1

      c2f706da55db84c9be7a9ea8a6bd6a7fcc38821f

    • SHA256

      665687b64c26cd4019dd0e43415dd4978c2ed59c7c897462f3cd64c4920e380b

    • SHA512

      44eab9c8a257ed716e39e47e8a556a60aa246fef5790533915406a6e6f959b9dc832e47fd5e0a83cb98d503044ae69030fbb66760f8f05514ed684f9c647a2d3

    • SSDEEP

      49152:EGlJfsRCVMPPVMVY8Mkac1f9/WCxUyE2J5Gpn7DhyMMG999TaP5bZ2Rozh5dlLYp:5vgX8MX6BH+GjG5nhyPG9TTaP5bkWPYp

    Score
    10/10
    gcleanerdiscoveryloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks