General
-
Target
file.exe
-
Size
1.9MB
-
Sample
230328-wva8zaea9s
-
MD5
c707563d073332ea3c40d15197b25de2
-
SHA1
425a9f25d638e5ae791d4ec0969b5f119afd9043
-
SHA256
4cf0cf3a0b856198ae76247b43b6b2f9f7d92f31d4b131ca8b3a9ec46f0964a1
-
SHA512
b89fe8fae2a1af0d50c26123e02a7c0301e34815f9796150305dfbb61d73d9000f60450dca2623d2614cb9652f204bf87c36ff2703f5aeb07107139c9f133be9
-
SSDEEP
49152:EGlJfsUsCSwYqUGz+1yQMYhIcyYueJnf9zV9Rg0IafR/5dlLYp:5NlFTUw+wpx9qf9B9a0IaffPYp
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Malware Config
Extracted
gcleaner
45.12.253.56
45.12.253.72
45.12.253.98
45.12.253.75
Targets
-
-
Target
file.exe
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-