Overview

overview

10

Static

static

1

7c8bc88fc4...07.exe

windows7-x64

10

7c8bc88fc4...07.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7c8bc88fc4dcde08fda121950b741607.exe

  • Size

    2.1MB

  • Sample

    230322-xx8spaah26

  • MD5

    7c8bc88fc4dcde08fda121950b741607

  • SHA1

    e654e807674334967b738057ea6d21b827a0a01c

  • SHA256

    1ed63828c472771cf59e95852088a702e381e3350d9c4cf831ca102d922e611a

  • SHA512

    2e130aa52cb92282085583a893f29fd5af18cc88dcb787235f44de20a287f2818ae71e92091e133a958f4947b3302b325d2592a2860dbf3361c51262098bbc97

  • SSDEEP

    49152:EGlJfs/Qq/vsfccJReTkMBuyJ/WyFMHQh3qrDIHxAUZl1ufBDwPj5dlLYp:5mQq/vsfOu+OLw9yI/Zl1ma1PYp

Score
10/10
gcleanerdiscoveryloader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      7c8bc88fc4dcde08fda121950b741607.exe

    • Size

      2.1MB

    • MD5

      7c8bc88fc4dcde08fda121950b741607

    • SHA1

      e654e807674334967b738057ea6d21b827a0a01c

    • SHA256

      1ed63828c472771cf59e95852088a702e381e3350d9c4cf831ca102d922e611a

    • SHA512

      2e130aa52cb92282085583a893f29fd5af18cc88dcb787235f44de20a287f2818ae71e92091e133a958f4947b3302b325d2592a2860dbf3361c51262098bbc97

    • SSDEEP

      49152:EGlJfs/Qq/vsfccJReTkMBuyJ/WyFMHQh3qrDIHxAUZl1ufBDwPj5dlLYp:5mQq/vsfOu+OLw9yI/Zl1ma1PYp

    Score
    10/10
    gcleanerdiscoveryloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks