General

  • Target

    file

  • Size

    2MB

  • Sample

    230325-bl6cjace3t

  • MD5

    214811e792b69344c84b2f31c81742cc

  • SHA1

    61d2173bfb836ea8acb0ee9dab44e51b4b8d7158

  • SHA256

    5637aef3fb43a418cd5bb036103fb3f7427e5062c5d23e14ab3b65c7d87793ec

  • SHA512

    bfa2f2e168e46d9fe7ea69d19a40c4a15f249d1155c2a574e714903cf2300a9e039272a388983e4f76bf79d63a43ac219b47c8c4424ed07ea5c50d78201dbbc3

  • SSDEEP

    49152:EGlJfsR9+UfJuK3iLMYX0yysI6rWDoV+PukCavPycEaD2LhT25dlLYp:5IEouKmMoSsI66DoPkzvo1IPYp

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      file

    • Size

      2MB

    • MD5

      214811e792b69344c84b2f31c81742cc

    • SHA1

      61d2173bfb836ea8acb0ee9dab44e51b4b8d7158

    • SHA256

      5637aef3fb43a418cd5bb036103fb3f7427e5062c5d23e14ab3b65c7d87793ec

    • SHA512

      bfa2f2e168e46d9fe7ea69d19a40c4a15f249d1155c2a574e714903cf2300a9e039272a388983e4f76bf79d63a43ac219b47c8c4424ed07ea5c50d78201dbbc3

    • SSDEEP

      49152:EGlJfsR9+UfJuK3iLMYX0yysI6rWDoV+PukCavPycEaD2LhT25dlLYp:5IEouKmMoSsI66DoPkzvo1IPYp

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks