General

  • Target

    83660b75c4e4dc6041398055ea66a6815b0b8144551aa4d45fda83c05dba9277.zip

  • Size

    2.2MB

  • Sample

    230321-ryptbadc3y

  • MD5

    3edbbbf29df82fa4ac35507bd6906943

  • SHA1

    e635d69815b07c479e2aae223c3155a49d00fd03

  • SHA256

    75ba567bd227a1896d4027f23e0fb77ffc28bf3e4277ef08f78126ee15ba470b

  • SHA512

    fee875b74148a6d411d88fa74f9ce1a5f0d02435a25686774faeaa2c9a3dea81ea448ddaf5eee92c6a3ee7559a890abe503028e750a6df9a9284a902605a8281

  • SSDEEP

    49152:hHXUdjJAfZfmqlRHkjStc52zGEuIt/mwCe2ew/A44TVFJyHR:h3UXAfZfREjb52zGEuIt+wCv/ARVix

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      83660b75c4e4dc6041398055ea66a6815b0b8144551aa4d45fda83c05dba9277.exe

    • Size

      2.2MB

    • MD5

      404d033972d34c28f3b04e65d3673342

    • SHA1

      0ab996aae9c3046d789f841f803c4beeb616e463

    • SHA256

      83660b75c4e4dc6041398055ea66a6815b0b8144551aa4d45fda83c05dba9277

    • SHA512

      62be0c133a33e493ca43812f33d5b9e7a0eb99c5338aef3a3dcab70e9c34151242c6c6984c708b7b4a76745de9d5ebaf45102116b8800a6dd760b9fccfcdf4cd

    • SSDEEP

      49152:EGlJfs6KVfxph3y9qZEwMD9nsaXiLWrF4pi8IOCTbfGQsSVEmmy5dlLYp:5Offhi9yAVsAiaeUl3yiV3mAPYp

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the loader proceeds.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates entries under the registry Uninstall key (the standard location is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
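The C2 list under Malware Config and the two registry signatures above are the parts of this report a defender would turn into detection logic. The following is an added example, not code from the sandbox or from the GCleaner sample: it matches the report's hashes and C2 addresses against constructed endpoint telemetry and flags the country lookup and Uninstall-key enumeration per process. The event record format and the exact registry paths behind the two signatures (the report only says "country code configured in the registry" and "Uninstall key entries") are assumptions; the sample events are made up.

```python
"""Added example: match the report's IOCs and the two registry behaviours
against constructed endpoint telemetry. Not code from the sandbox report or
from the GCleaner sample. The event format (one dict per process, registry
or network event) is an assumed, simplified EDR-style record."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Indicators copied from the report.
SHA256_IOCS = {
    "75ba567bd227a1896d4027f23e0fb77ffc28bf3e4277ef08f78126ee15ba470b",  # the .zip
    "83660b75c4e4dc6041398055ea66a6815b0b8144551aa4d45fda83c05dba9277",  # the dropped .exe
}
C2_IPS = {"45.12.253.56", "45.12.253.72", "45.12.253.98", "45.12.253.75"}

# Registry locations behind the two signatures. The report does not name the
# paths; these are the standard Windows locations and are assumed here.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE)
# Every installer touches its own Uninstall entry; require several distinct
# subkeys per process before calling it software enumeration.
UNINSTALL_MIN_SUBKEYS = 3


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    techniques: tuple  # ATT&CK IDs as mapped in the report's matrix
    detail: str


def scan(events):
    """Return findings for a list of telemetry events (see SAMPLE_EVENTS)."""
    findings = []
    geo_pids = set()
    uninstall_subkeys = defaultdict(set)
    for ev in events:
        kind = ev["type"]
        if kind == "process" and ev["sha256"].lower() in SHA256_IOCS:
            findings.append(Finding("known_gcleaner_hash", ev["pid"], (), ev["image"]))
        elif kind == "network" and ev["dst_ip"] in C2_IPS:
            findings.append(Finding("gcleaner_c2_contact", ev["pid"], (),
                                    f"{ev['dst_ip']}:{ev['dst_port']}"))
        elif kind == "registry":
            if GEO_KEY_RE.search(ev["key"]):
                geo_pids.add(ev["pid"])
            m = UNINSTALL_KEY_RE.search(ev["key"])
            if m:
                uninstall_subkeys[ev["pid"]].add(m.group(1).lower())
    for pid in sorted(geo_pids):
        findings.append(Finding("registry_country_lookup", pid, ("T1012", "T1082"),
                                "reads configured country, likely geofence"))
    for pid, subkeys in sorted(uninstall_subkeys.items()):
        if len(subkeys) >= UNINSTALL_MIN_SUBKEYS:
            findings.append(Finding("installed_software_enum", pid, ("T1012", "T1082"),
                                    f"{len(subkeys)} Uninstall subkeys read"))
    return findings


# Constructed telemetry: one process behaving like the sample (pid 4120) plus
# benign noise from an installer (pid 5000). Made up for this example.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120, "image": r"C:\Users\user\Desktop\sample.exe",
     "sha256": "83660b75c4e4dc6041398055ea66a6815b0b8144551aa4d45fda83c05dba9277"},
    {"type": "registry", "pid": 4120, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry", "pid": 4120,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "registry", "pid": 4120,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"type": "registry", "pid": 4120,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12345678-0000-0000-0000-000000000000}"},
    {"type": "network", "pid": 4120, "dst_ip": "45.12.253.72", "dst_port": 80},
    {"type": "registry", "pid": 5000,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "network", "pid": 5000, "dst_ip": "203.0.113.10", "dst_port": 443},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        tech = ",".join(f.techniques) or "-"
        print(f"{f.rule:26} pid={f.pid} {tech:12} {f.detail}")
```

One caveat on the registry half: Sysmon's registry events (IDs 12, 13 and 14) cover key creation and deletion, value writes and renames, not reads, so the country lookup and the Uninstall enumeration need a telemetry source that records registry queries (the Windows registry ETW provider or an EDR sensor); the constructed events assume such a source. The hash and C2 matches are exact-match IOCs and will age quickly, which is why the two behavioural rules are kept alongside them.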

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2 signatures

  • System Information Discovery (T1082): 2 signatures
