General
-
Target
file.exe
-
Size
1.7MB
-
Sample
230328-sx2l6abg56
-
MD5
96d2c62bc193a4785f651fe072300b30
-
SHA1
e626ae2ed82c09e4b72f4f1b4b3641740271bc56
-
SHA256
2c0f47d473410fdfd98c793a99d9f3343db063ebbe99d321858ba4763004494a
-
SHA512
e399d45c17ebbccebe756cd63f3837f216737aaa6bd2e0e9c9e9e89914e78bd0a9ba79d4a6dce73b17dbb4e25e1acda2bf1cb3f9ed44ae5e5da1242a462bc782
-
SSDEEP
49152:EGlJfsF4O0c9yLts8kWYBh/JbFCuS+VHYZ5dlLYp:5QPkYBh/JxCK4/PYp
Malware Config
Extracted
gcleaner
45.12.253.56
45.12.253.72
45.12.253.98
45.12.253.75
Targets
-
-
Target
file.exe
-
Size
1.7MB
-
MD5
96d2c62bc193a4785f651fe072300b30
-
SHA1
e626ae2ed82c09e4b72f4f1b4b3641740271bc56
-
SHA256
2c0f47d473410fdfd98c793a99d9f3343db063ebbe99d321858ba4763004494a
-
SHA512
e399d45c17ebbccebe756cd63f3837f216737aaa6bd2e0e9c9e9e89914e78bd0a9ba79d4a6dce73b17dbb4e25e1acda2bf1cb3f9ed44ae5e5da1242a462bc782
-
SSDEEP
49152:EGlJfsF4O0c9yLts8kWYBh/JbFCuS+VHYZ5dlLYp:5QPkYBh/JxCK4/PYp
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-