General
-
Target
file.exe
-
Size
1MB
-
Sample
230326-awr28aeh24
-
MD5
e05502a1e3564e1eb7d2825656a37da3
-
SHA1
3eef8f3fd3186c60c50347c773a501ee0324161a
-
SHA256
c24e160a7ac7effdff8fce20a39fe043de0a57b5d5514ec2ea59fd1809822906
-
SHA512
87ebfe7080f8ec62c9388ea0e1d2f2c7a71a4d0c5ce1272eb0106c4a61c0b31ac36f39896d377f081520fdee1280afd21dd20c7a6a4b8c72d682a93d68338eb2
-
SSDEEP
49152:EGlJfsLiq6c024bnUjrG273Kr2NY5mq5ZpD5dlLYp:5HO0dDHYKq/q5ZpNPYp
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Malware Config
Extracted
gcleaner
45.12.253.56
45.12.253.72
45.12.253.98
45.12.253.75
Targets
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.