General

  • Target: file.exe
  • Size: 1.9MB
  • Sample: 230328-wva8zaea9s
  • MD5: c707563d073332ea3c40d15197b25de2
  • SHA1: 425a9f25d638e5ae791d4ec0969b5f119afd9043
  • SHA256: 4cf0cf3a0b856198ae76247b43b6b2f9f7d92f31d4b131ca8b3a9ec46f0964a1
  • SHA512: b89fe8fae2a1af0d50c26123e02a7c0301e34815f9796150305dfbb61d73d9000f60450dca2623d2614cb9652f204bf87c36ff2703f5aeb07107139c9f133be9
  • SSDEEP: 49152:EGlJfsUsCSwYqUGz+1yQMYhIcyYueJnf9zV9Rg0IafR/5dlLYp:5NlFTUw+wpx9qf9B9a0IaffPYp

Malware Config

Extracted

  • Family: gcleaner
  • C2:
    45.12.253.56
    45.12.253.72
    45.12.253.98
    45.12.253.75

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Discovery
    • T1012 Query Registry (2)
    • T1082 System Information Discovery (2)

Tasks