General

  • Target

    a41e45e14795bb60ef20aa47780ddd8cdc491e7e23c16594a7af91c4f3e817cd.zip

  • Size

    2.4MB

  • Sample

    230321-ryqevadc31

  • MD5

    667f1522cf315c44895e21ee21576301

  • SHA1

    fe4c45d6a2914ea33037a5b41aa3de97bb13df68

  • SHA256

    95d498d08585fe8d56c2847e8bc9711ffac703c53bec92f15c8c82ad86c8b0d3

  • SHA512

    cb3e942357a904d9b04e038c323908835e3f4036de90e7de6f0bf7b392e1a4854bd0337204ba9d8bca7d0a82bc7c3f656d00dd3e9bc3d8155f6f9b191380947b

  • SSDEEP

    49152:yUt2Q0ClCihX19HMe7dmtb1rrr2TP6uvNXZ9q4jKn06XzexW69ETQl:yUI9qCkrEt1mH9DjKn06uz

Malware Config

  • Extracted

    Family: gcleaner

    C2:
      45.12.253.56
      45.12.253.72
      45.12.253.98
      45.12.253.75

Targets

    • Target

      a41e45e14795bb60ef20aa47780ddd8cdc491e7e23c16594a7af91c4f3e817cd.exe

    • Size

      2.4MB

    • MD5

      dd57d3e8aa35f0b8218af7af8f3a65e7

    • SHA1

      5f5980c3c94aca9ca9011505a003fe7b9c8217bf

    • SHA256

      a41e45e14795bb60ef20aa47780ddd8cdc491e7e23c16594a7af91c4f3e817cd

    • SHA512

      ab753c9aaa387863feaffd1d77da231d42450f1c6cd91a716ae03b7b770264fb50ba28d18f91614306a4ab29d5c56a3c38826d68f96a9e21f5c0c6f2d97901a8

    • SSDEEP

      49152:EGlJfse+Lz4cMzjsb0MAb8MIYHKeTxmRL6yQtV6rWfXw+aYy6+g54d5dlLYp:5j2z4PzjsbGIQaREEOAIL+gCrPYp

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the loader only runs in (or outside) certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
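The two registry-discovery signatures above (geofence lookup and Uninstall-key enumeration) can be reproduced over a sandbox's registry event log. The script below is an added example, not part of this report or of GCleaner; it reads a Procmon-style CSV export (Time,Process,Operation,Path,Result), which is an assumed format, over constructed sample events. The Geo/Nation and NLS\Language keys are assumed as the typical sources of a configured country code; the report does not state which value the sample reads. A single enumeration of the Uninstall key is common in legitimate software, so the installed-software signature only fires once a process has read a configurable number of distinct Uninstall subkeys.

```python
"""Flag geofence and installed-software registry discovery in a sandbox event log."""
import csv
import io
import re
from collections import defaultdict

# Constructed Procmon-style export for illustration; not output from this sample.
SAMPLE_EVENTS = r"""Time,Process,Operation,Path,Result
10:01:02.100,sample.exe,RegQueryValue,HKCU\Control Panel\International\Geo\Nation,SUCCESS
10:01:02.105,sample.exe,RegQueryValue,HKCU\Control Panel\International\LocaleName,SUCCESS
10:01:03.000,sample.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
10:01:03.010,sample.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}\DisplayName,SUCCESS
10:01:03.012,sample.exe,RegQueryValue,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000002}\DisplayName,SUCCESS
10:01:03.014,sample.exe,RegQueryValue,HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp\DisplayName,SUCCESS
10:01:04.000,explorer.exe,RegQueryValue,HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden,SUCCESS
10:01:05.000,explorer.exe,RegEnumKey,HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,SUCCESS
"""

# Registry locations a geofence check typically reads (assumed; the report does not
# name the exact value GCleaner queries). Matched case-insensitively as substrings.
GEO_KEYS = (
    r"\control panel\international\geo",
    r"\control panel\international\localename",
    r"\system\currentcontrolset\control\nls\language",
)

# Captures the subkey name under ...\CurrentVersion\Uninstall (covers the
# WOW6432Node view as well, since the tail of the path is identical).
UNINSTALL_RE = re.compile(
    r"\\microsoft\\windows\\currentversion\\uninstall\\([^\\]+)", re.IGNORECASE
)

GEOFENCE_TAG = "Checks computer location settings"
SOFTWARE_TAG = "Checks installed software on the system"


def registry_events(csv_text):
    """Yield (process, path) for successful registry operations in the export."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"].startswith("Reg") and row["Result"] == "SUCCESS":
            yield row["Process"], row["Path"]


def analyse(csv_text, min_uninstall_entries=2):
    """Return {process: [signature names]} for processes matching either signature.

    The geofence signature fires on any read of a GEO_KEYS location; the
    installed-software signature needs at least min_uninstall_entries distinct
    Uninstall subkeys so a single RegEnumKey on the parent key is not enough.
    """
    geo_hits = defaultdict(int)
    uninstall_entries = defaultdict(set)

    for proc, path in registry_events(csv_text):
        low = path.lower()
        if any(key in low for key in GEO_KEYS):
            geo_hits[proc] += 1
        match = UNINSTALL_RE.search(path)
        if match:
            uninstall_entries[proc].add(match.group(1).lower())

    findings = {}
    for proc in sorted(set(geo_hits) | set(uninstall_entries)):
        tags = []
        if geo_hits[proc]:
            tags.append(GEOFENCE_TAG)
        if len(uninstall_entries[proc]) >= min_uninstall_entries:
            tags.append(SOFTWARE_TAG)
        if tags:
            findings[proc] = tags
    return findings


if __name__ == "__main__":
    for proc, tags in analyse(SAMPLE_EVENTS).items():
        print(proc)
        for tag in tags:
            print("  -", tag)
```

On the constructed log only sample.exe is flagged: explorer.exe enumerates the Uninstall key once but reads no subkeys, so it stays below the threshold, and it never touches a locale key. Raise `min_uninstall_entries` to tune the second signature against installers and inventory agents that legitimately walk that key.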

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 2 signatures

    System Information Discovery (T1082): 2 signatures

Tasks