General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    230328-rnzkrsbe36

  • MD5

    40cd55048f88789ccd408542e4aa312d

  • SHA1

    427e60579b5ae75ea2210b369f7c2ff0c8130959

  • SHA256

    b5752b74a06415c0a9d6b72a48d2b6a2eac2bba6b59657ed8118eb0d53c8fb11

  • SHA512

    e0f559be3d632e2ec3be0cce06217770ab58795e2fca8f90971375fea8cb6add6bb1499debe436acd1d337145f84acfab1de2b14f51f39d59df3af877e9142fe

  • SSDEEP

    49152:EGlJfswEH49txWLt5xGh8fcR+m+9f4v6ZV/5AU6CKWCq5dlLYp:5+mStHEkwo9fo6L5AU6CKBIPYp

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    45.12.253.56
    45.12.253.72
    45.12.253.98
    45.12.253.75

Targets

    • Target

      file.exe


    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    Query Registry
    T1012 (2)

    System Information Discovery
    T1082 (2)