General

  • Target

    IntelliJ IDEA 202233 Crack Activation Code New-2023 Free.zip

  • Size

    1.5MB

  • Sample

    230330-rlr3xaed8x

  • MD5

    c010278f85a6840bfac79de0f3fc7c87

  • SHA1

    b0f0fe2647a7410cf1929db8a231e3c794956980

  • SHA256

    ae2b42fad435889264d8dcc955dca011e856b95c1216c5ebe24a566044686c33

  • SHA512

    6edf912ea94c6da7bb7769ad062228f0e78f95089282cb83ce3ae150a689e96abb82250500220c763a065a828c7d4a804ddaf1e2c1c70d69b0945a37a2f76733

  • SSDEEP

    24576:c4nXubIQGyxbPV0db26pKn+vogz2dbFFv0S6dS/01icZOEOR5Qv+f:cqe3f6y+DidXvh6dS/04OOR5Qv+f

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    45.12.253.56
    45.12.253.72
    45.12.253.98
    45.12.253.75

Targets

    • Target

      IntelliJ IDEA 202233 Crack Activation Code New-2023 Free.exe

    • Size

      1.5MB

    • MD5

      af66449e69fae0a288e32db0acdc4e9e

    • SHA1

      c86dc83cdf774f771a58253cf709e7763e3c8ad6

    • SHA256

      82e40ce55599afa4e23c5736f7ef1c61331bfa1185ef1de00420f73789c10243

    • SHA512

      c942644be4d282ff8c639db465f9b6c0e19709a681c210c95004c57e22b1f693080b9e2da09f0e5df7f12bddc498fc7238cfeea9e773113645cf40bf094f0c84

    • SSDEEP

      24576:N4nXubIQGyxbPV0db26pKn+vogz2dbFFv0S6dS/01icZOEOR5Qv+t:Nqe3f6y+DidXvh6dS/04OOR5Qv+t

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                            Count  ID
  Persistence        Registry Run Keys / Startup Folder   1      T1060
  Defense Evasion    Modify Registry                      2      T1112
  Defense Evasion    Install Root Certificate             1      T1130
  Credential Access  Credentials in Files                 1      T1081
  Discovery          Query Registry                       3      T1012
  Discovery          System Information Discovery         3      T1082
  Discovery          Peripheral Device Discovery          1      T1120
  Collection         Data from Local System               1      T1005

Tasks