General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    230320-3z53gafh54

  • MD5

    404d033972d34c28f3b04e65d3673342

  • SHA1

    0ab996aae9c3046d789f841f803c4beeb616e463

  • SHA256

    83660b75c4e4dc6041398055ea66a6815b0b8144551aa4d45fda83c05dba9277

  • SHA512

    62be0c133a33e493ca43812f33d5b9e7a0eb99c5338aef3a3dcab70e9c34151242c6c6984c708b7b4a76745de9d5ebaf45102116b8800a6dd760b9fccfcdf4cd

  • SSDEEP

    49152:EGlJfs6KVfxph3y9qZEwMD9nsaXiLWrF4pi8IOCTbfGQsSVEmmy5dlLYp:5Offhi9yAVsAiaeUl3yiV3mAPYp

Malware Config (extracted)

  • Family

    gcleaner

  • C2

    45.12.253.56

    45.12.253.72

    45.12.253.98

    45.12.253.75

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2