General
- Target: file.exe
- Size: 2MB
- Sample: 230325-kxqkwsca22
- MD5: 81ea77f0de56625b59aa4ff8e3e3a2e4
- SHA1: c899a6f213c01d6dd3c11e7f083a057d2014c6ba
- SHA256: 8b6a14bde2459c703d7dc310237e77b5f873cae50f3f11c03e1272d332ab3f68
- SHA512: 710339b903c6375fa2417a75bc919e0633c1ea5d04a66a3c216ec40e3879ae1ff0e66c25847ea977af3667bfc4fd6ca34ded4b1a1b5b6dbd53273d64b2612eaf
- SSDEEP: 49152:EGlJfs/El+62dmS6LJXxWe2Ev7EWw68M3Bt97yYHUIzBjT5dlLYp:5MElhAmRNBWYvQn68oL0I/PYp
Static task: static1
Behavioral task: behavioral1
- Sample: file.exe
- Resource: win7-20230220-en
Malware Config
- Extracted family: gcleaner
- C2 addresses:
  - 45.12.253.56
  - 45.12.253.72
  - 45.12.253.98
  - 45.12.253.75
Targets
- Target: file.exe, 2MB (MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software installed on the system.
MITRE ATT&CK Matrix (tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation; no technique entries are present in this extract)