General

  • Target

    665687b64c26cd4019dd0e43415dd4978c2ed59c7c897462f3cd64c4920e380b.zip

  • Size

    2.4MB

  • Sample

    230321-ryphjsbb72

  • MD5

    6a9ea37e926fac7369e0cd596a370171

  • SHA1

    1138833ae913498c1c88bfbd59bdda7a0d8c5bcf

  • SHA256

    72d1d9d7d6ad0284500251ae8facd995be812ec4e356d72557c0e83078f684f9

  • SHA512

    8006009d1eb927c82c6d4500370b7bf41eea6b577a963429bc0093180097db0f5e8d4c233a3dea4568d677f3e425611d8f28e4b8011bca223c87eab57b2366aa

  • SSDEEP

    49152:l0oFsHLCc4H0IR3W7po8eAXrPOx6rNOl7fqo66j5Djc0+7I2UdlXd+jybHkoLcO5:lDFsHT4RI7py8CgNOhvj5kd7I26Xd+jk

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      665687b64c26cd4019dd0e43415dd4978c2ed59c7c897462f3cd64c4920e380b.exe

    • Size

      2.5MB

    • MD5

      d05ef81ac5b06b66781eaea972cb2f47

    • SHA1

      c2f706da55db84c9be7a9ea8a6bd6a7fcc38821f

    • SHA256

      665687b64c26cd4019dd0e43415dd4978c2ed59c7c897462f3cd64c4920e380b

    • SHA512

      44eab9c8a257ed716e39e47e8a556a60aa246fef5790533915406a6e6f959b9dc832e47fd5e0a83cb98d503044ae69030fbb66760f8f05514ed684f9c647a2d3

    • SSDEEP

      49152:EGlJfsRCVMPPVMVY8Mkac1f9/WCxUyE2J5Gpn7DhyMMG999TaP5bZ2Rozh5dlLYp:5vgX8MX6BH+GjG5nhyPG9TTaP5bkWPYp

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry: T1012 (2)

  • System Information Discovery: T1082 (2)

Tasks