General

  • Target: 7c8bc88fc4dcde08fda121950b741607.bin
  • Size: 2MB
  • Sample: 230324-b5lr8sde2w
  • MD5: fb668596573581236ea3280ff3355d62
  • SHA1: 81b15f11b88579e34e6de21212267b843e05ddda
  • SHA256: 08ce08e41c6593a6a9907df7c20461f94de3fe3266abdfa65e671be3b3797e43
  • SHA512: 91c08bbf3d00c74a3a8706128f1a3a2215e4f1484412e5b71c9982e66d84f0eda7c77a38bba641e89270674dddc681086c49458119911dc1e4d0844fcba99f84
  • SSDEEP: 49152:7JDoeJN817ttSlbvW9xW3bakUesPgv+m6LChyxfEBzZ:VDoDSlSa+eSsX6LJyBzZ

Malware Config

Extracted

  • Family: gcleaner
  • C2: 45.12.253.56, 45.12.253.72, 45.12.253.98, 45.12.253.75

Targets

    • Target: 1ed63828c472771cf59e95852088a702e381e3350d9c4cf831ca102d922e611a.exe
    • Size: 2MB
    • MD5: 7c8bc88fc4dcde08fda121950b741607
    • SHA1: e654e807674334967b738057ea6d21b827a0a01c
    • SHA256: 1ed63828c472771cf59e95852088a702e381e3350d9c4cf831ca102d922e611a
    • SHA512: 2e130aa52cb92282085583a893f29fd5af18cc88dcb787235f44de20a287f2818ae71e92091e133a958f4947b3302b325d2592a2860dbf3361c51262098bbc97
    • SSDEEP: 49152:EGlJfs/Qq/vsfccJReTkMBuyJ/WyFMHQh3qrDIHxAUZl1ufBDwPj5dlLYp:5mQq/vsfOu+OLw9yI/Zl1ma1PYp

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2