General

  • Target

    5b8cad8745bc9ecb60119026d233bc10.bin

  • Size

    1.8MB

  • Sample

    230329-bpfahsfh6v

  • MD5

    6f0a842938469801ab67f6ee073b7517

  • SHA1

    acf96c4a0773f292dcf44d04549945c613c6d3a5

  • SHA256

    e65fc0a7ff248c4a2266ead1981578adbc30f4bcaa0f4a1fff79df2dff97b56a

  • SHA512

    1cdf434577205631bb3f1d0b2c6631ee4e1419049d5c9cdc7e196fde2a1d303936477aa04200e5e643e98eecd9c0f447e663486d29487658893d897c607c8442

  • SSDEEP

    49152:Nhf8VKeIzFZ791i0ESNHGkEPwTMo1atlmz:Tf8MeIzTi0ESNmVPnoVz

Malware Config

  • Extracted

  • Family

    gcleaner

  • C2

    45.12.253.56

    45.12.253.72

    45.12.253.98

    45.12.253.75

Targets

    • Target

      03803dc71c996ce8a0dc7fb6aff2fd8f7623d803e3740eb38de13208ddcfbde7.exe

    • Size

      1.8MB

    • MD5

      5b8cad8745bc9ecb60119026d233bc10

    • SHA1

      52753d7a2ea01ee3f7f5d81600d60d5a6441a862

    • SHA256

      03803dc71c996ce8a0dc7fb6aff2fd8f7623d803e3740eb38de13208ddcfbde7

    • SHA512

      f44a7bb25c4754b2531aa027ca7ba0f51758c52f3a735b11e9b9c2c257c038c2e39d3c4d2ab8ef7fe055942e9289acf4e2712463dfa7a0ea4bc8b3f08ea36b90

    • SSDEEP

      49152:EGlJfsBSf+lyU0HPU1fFIUDFLKMSGWXxyyxg8rN9l2SJEG5dlLYp:5kOUUefFbZ9SGWV3ZfJEMPYp

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    • Query Registry (2)

      T1012

    • System Information Discovery (2)

      T1082

Tasks