General

  • Target

    c539e1b35b57d8924a24e156bfcc7975.bin

  • Size

    223KB

  • Sample

    230402-cfdwrsfd6x

  • MD5

    6747551f0226824d95698cd110f39099

  • SHA1

    089ca67bbec47ab77e0ec831eed75129ce631c8f

  • SHA256

    430356796b9d5900277a024b887d8f4153fcbe2cd49e7cb4791a4c1b1eb8e914

  • SHA512

    78da6e8a6833d4ec76063fb6d33c2fe6e0309837596b3d270441122ea50eae77c0db9eb58717c2f428f1ea352d0b90efcb084304bed31fbc3f1c439f98d13d2c

  • SSDEEP

    6144:O8sYx34ETq3wSbx7SWTBuVqWDgNVR4fp3GzaWljbjkMW7FIsI:X3x3V8t7SWTBKNcmd0Xfkn7Fq

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75
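Turning the extracted configuration into something actionable, as an added example that is not part of this sandbox report and not GCleaner's own code: the script below takes the four C2 addresses and the file hashes listed in this report, scans a handful of constructed proxy, firewall and EDR log lines for them, computes the smallest CIDR block that covers all four C2 addresses (useful for triage, not for blind blocking), and emits a Suricata rule for the C2 IPs. The indicator values are copied from the report above; the log lines, host names, paths and the rule's `sid` are constructed for the example.

```python
"""IOC matcher built from the indicators in this GCleaner sandbox report.

Added example; not part of the report or of the malware. Indicator values
are copied from the report. Log lines below are constructed, not real telemetry.
"""
import ipaddress
import re
from dataclasses import dataclass

# C2 addresses and file hashes as listed in the report.
C2_IPS = frozenset({"45.12.253.56", "45.12.253.72", "45.12.253.98", "45.12.253.75"})
SAMPLE_SHA256 = frozenset({
    "430356796b9d5900277a024b887d8f4153fcbe2cd49e7cb4791a4c1b1eb8e914",  # submitted .bin
    "ce53630e164fefbd80810e812308044a6c6705ae6c797aa680c0952b1b28c15f",  # embedded .exe
})
SAMPLE_MD5 = frozenset({
    "6747551f0226824d95698cd110f39099",  # submitted .bin
    "c539e1b35b57d8924a24e156bfcc7975",  # embedded .exe (also the .bin's file name)
})

# Constructed log lines (assumed formats; not from any real host).
SAMPLE_LOGS = [
    "2023-04-02T13:01:07Z proxy CONNECT 10.0.0.23 -> 45.12.253.56:80 UA=Mozilla/4.0 status=200",
    "2023-04-02T13:01:09Z fw DENY 10.0.0.23:49812 -> 45.12.253.72:80 proto=tcp",
    "2023-04-02T13:01:10Z proxy GET 10.0.0.24 -> 142.250.74.78:443 status=200",
    "2023-04-02T13:00:58Z edr FileCreate host=WS23 path=C:\\Users\\u\\AppData\\Local\\Temp\\x.exe "
    "sha256=ce53630e164fefbd80810e812308044a6c6705ae6c797aa680c0952b1b28c15f",
    "2023-04-02T13:00:59Z edr ProcessStart host=WS23 md5=6747551f0226824d95698cd110f39099 "
    "cmd=c539e1b35b57d8924a24e156bfcc7975.bin",
    "2023-04-02T13:02:00Z fw ALLOW 10.0.0.25:51000 -> 45.12.254.56:443 proto=tcp",
]


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str    # "c2_ip", "sha256" or "md5"
    value: str


# A 64- or 32-hex-digit run not embedded in a longer hex run (so a SHA1 is not
# mistaken for an MD5 followed by junk). 64 is tried first at each position.
HEX_RE = re.compile(r"(?<![0-9a-fA-F])(?:[0-9a-fA-F]{64}|[0-9a-fA-F]{32})(?![0-9a-fA-F])")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scan_line(line_no: int, line: str) -> list[Hit]:
    """Return every report indicator that appears in one log line."""
    hits = []
    for m in IPV4_RE.finditer(line):
        try:
            ip = str(ipaddress.IPv4Address(m.group(0)))
        except ValueError:          # e.g. 999.12.253.56 is not an address
            continue
        if ip in C2_IPS:
            hits.append(Hit(line_no, "c2_ip", ip))
    for m in HEX_RE.finditer(line):
        h = m.group(0).lower()
        if h in SAMPLE_SHA256:
            hits.append(Hit(line_no, "sha256", h))
        elif h in SAMPLE_MD5:
            hits.append(Hit(line_no, "md5", h))
    return hits


def scan_logs(lines: list[str]) -> list[Hit]:
    hits = []
    for i, line in enumerate(lines, 1):
        hits.extend(scan_line(i, line))
    return hits


def covering_network(ips) -> ipaddress.IPv4Network:
    """Smallest CIDR block containing every address (for triage, not blocking)."""
    addrs = [ipaddress.IPv4Address(ip) for ip in ips]
    if not addrs:
        raise ValueError("no addresses")
    for prefix in range(32, -1, -1):
        net = ipaddress.IPv4Network((addrs[0], prefix), strict=False)
        if all(a in net for a in addrs):
            return net
    raise AssertionError("unreachable: /0 covers everything")


def suricata_rule(sid: int = 1000001) -> str:
    """Suricata IP rule for the C2 list (sid is an assumed local-rule number)."""
    targets = ",".join(sorted(C2_IPS, key=ipaddress.IPv4Address))
    return (f"alert ip $HOME_NET any -> [{targets}] any "
            f'(msg:"GCleaner C2 IP (sandbox report)"; classtype:trojan-activity; '
            f"sid:{sid}; rev:1;)")


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.kind} {hit.value}")
    print("C2 addresses fall within", covering_network(C2_IPS))
    print(suricata_rule())
```

Two points worth noting from the run: the denied firewall connection to 45.12.253.72 is still flagged, since a blocked beacon is evidence of an infected host; and the submitted file's name is itself the MD5 of the embedded executable, so hash matching on command lines catches it too. The covering block (45.12.253.0/25) is there to help pivot on neighbouring infrastructure; it should not be turned into a blocklist entry without checking who else is hosted there.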

Targets

    • Target

      ce53630e164fefbd80810e812308044a6c6705ae6c797aa680c0952b1b28c15f.exe

    • Size

      286KB

    • MD5

      c539e1b35b57d8924a24e156bfcc7975

    • SHA1

      41be2de44376f7cc477d9213867f288702fc9a8d

    • SHA256

      ce53630e164fefbd80810e812308044a6c6705ae6c797aa680c0952b1b28c15f

    • SHA512

      8019d2e229244e74228fc1dbe1ac0a21eca864ab355e70ac54c29959c31f12511883f5ea218e424e81cb511183e7fabbe0f3bc87c9d3bd7436bfe42c58ee56b9

    • SSDEEP

      3072:PpyvhHX7mjjOOM+WCBSi1pm64MlT6pb7gI7DOr2mntlMwGiphVBVda5MWaOiuCPg:xSCjvhbmWlQ7PyztHphna5DRiuIq59P

    Score
    10/10

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Deletes itself

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

Query Registry (T1012): 1

System Information Discovery (T1082): 2

Tasks