Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

file.exe
Size

1MB
Sample

230325-lw7y8aec7t
MD5

56617d3d3aab411cebaf09f11a73ad8b
SHA1

863db30371a960f1ab9e3003f6362b19b8604036
SHA256

bddda0c84a90a5ce7eb8ae5aa0451e9e780c763448be9e3a42a7918c8c4e6388
SHA512

94a79ba34f5e83379ba1528279674872886c3cdb488681e700a5362c69f3145fbd38a00de6b101e1bc51de2d5d70319730d38f2fa3f5cce98b32662f4429626b
SSDEEP

49152:EGlJfsZwKS/xsXFcy6/9Bhq2FfdwOyUFrCE89QMSDoov5dlLYp:53KS/2FfIUIdfyUCveDooxPYp

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  file.exe
- Size
  
  1MB
- MD5
  
  56617d3d3aab411cebaf09f11a73ad8b
- SHA1
  
  863db30371a960f1ab9e3003f6362b19b8604036
- SHA256
  
  bddda0c84a90a5ce7eb8ae5aa0451e9e780c763448be9e3a42a7918c8c4e6388
- SHA512
  
  94a79ba34f5e83379ba1528279674872886c3cdb488681e700a5362c69f3145fbd38a00de6b101e1bc51de2d5d70319730d38f2fa3f5cce98b32662f4429626b
- SSDEEP
  
  49152:EGlJfsZwKS/xsXFcy6/9Bhq2FfdwOyUFrCE89QMSDoov5dlLYp:53KS/2FfIUIdfyUCveDooxPYp
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

T1012

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader