General
-
Target
Microsoft-Office-Pro_AXUdx5sk.exe
-
Size
3.5MB
-
Sample
230323-xss7fahf34
-
MD5
793c091d621ab270b4d7d8993a524ed4
-
SHA1
a71ba72c3806a01342fdbd5d44eef61394d4070e
-
SHA256
b13eb5dae6302c922ea00378babc97b214e90cf6e2e0b37e67fd6b82c4b38db9
-
SHA512
f35d79a0ac8a29669672de82b8cbe90a9d80735dd99b4b72817ce9a7f5b8a21c58e9f79e95f87f8259ec607921d23e266744611b7ae386c4f54ef4de0dbb4d38
-
SSDEEP
98304:LOhfS5oFTjvvhWUPrJC9DRczor/PgTyCMQmR8Ud12Fohv:yhfhTjv5jrJaDRUsoR+s6v
Malware Config
Extracted
gcleaner
85.31.45.39
85.31.45.250
85.31.45.251
85.31.45.88
Targets
-
-
Target
Microsoft-Office-Pro_AXUdx5sk.exe
-
Size
3.5MB
-
MD5
793c091d621ab270b4d7d8993a524ed4
-
SHA1
a71ba72c3806a01342fdbd5d44eef61394d4070e
-
SHA256
b13eb5dae6302c922ea00378babc97b214e90cf6e2e0b37e67fd6b82c4b38db9
-
SHA512
f35d79a0ac8a29669672de82b8cbe90a9d80735dd99b4b72817ce9a7f5b8a21c58e9f79e95f87f8259ec607921d23e266744611b7ae386c4f54ef4de0dbb4d38
-
SSDEEP
98304:LOhfS5oFTjvvhWUPrJC9DRczor/PgTyCMQmR8Ud12Fohv:yhfhTjv5jrJaDRUsoR+s6v
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Modifies Windows Defender Real-time Protection settings
-
Windows security bypass
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-