General

  • Target

    b108df4182d465644289ca8d625ffbf9.exe

  • Size

    3.0MB

  • Sample

    230410-rny91abf4z

  • MD5

    b108df4182d465644289ca8d625ffbf9

  • SHA1

    cd67096e7096ba17d279825711499625a2b21c9b

  • SHA256

    3855e86e415a59e0b4a3641ca1d0620c2ebc5832bec90ba30ff017848de0f50e

  • SHA512

    a1213a83fa503bea2ed61951e11705a759458db2bc9b2a0b4e76a9c613533f7644e654ae74a74e8ab1b323943ccf5ebc80d92330e42e848dd397869918fbfa99

  • SSDEEP

    49152:zGlJfsYV48BkoYAJowu8KEgxAu5eknLSrPgyt3nHUeHAWAgtwyZpDzsehHNpAKoo:qu8Jgx127t33wguGDoetZ9WSt

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75
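The four C2 addresses above share the 45.12.253.0/24 range. The block below is an added analyst example, not part of the sandbox report: it sweeps constructed firewall-style log lines for exact matches against the extracted C2 set, counts which internal hosts attempted contact, and derives the smallest prefix covering all four addresses as a hunting pivot. The log format, the internal hosts and the timestamps are constructed; only the C2 IPs come from the config above.

```python
"""Sweep outbound-connection logs for the C2 addresses extracted from the
sample's config.  Added analyst example; the log lines are constructed."""
import ipaddress
import re
from collections import Counter

# C2 addresses from the extracted gcleaner config on this page.
C2_ADDRESSES = {
    "45.12.253.56",
    "45.12.253.72",
    "45.12.253.98",
    "45.12.253.75",
}

# Constructed firewall-style lines: "<ts> <src>:<port> -> <dst>:<port> <proto> <action>".
# 45.12.253.1 is deliberately included: same /24, but not in the extracted config.
SAMPLE_LOG = """\
2023-04-10T12:01:03Z 10.0.4.17:51234 -> 45.12.253.56:80 tcp allow
2023-04-10T12:01:04Z 10.0.4.17:51235 -> 142.250.74.46:443 tcp allow
2023-04-10T12:01:09Z 10.0.4.17:51240 -> 45.12.253.75:80 tcp allow
2023-04-10T12:03:41Z 10.0.9.2:49811 -> 45.12.253.98:443 tcp deny
2023-04-10T12:04:00Z 10.0.4.17:51250 -> 45.12.253.1:80 tcp allow
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+) (?P<action>\w+)$"
)


def parse_log(text):
    """Yield a dict per well-formed line; silently skip lines that do not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def find_c2_hits(text, c2=C2_ADDRESSES):
    """Records whose destination is exactly one of the configured C2 IPs.
    Exact match, not prefix match: neighbouring addresses in the /24 are not
    in the config and must not be reported as hits."""
    return [r for r in parse_log(text) if r["dst"] in c2]


def hosts_by_c2_contact(text, c2=C2_ADDRESSES):
    """Map each internal source IP to its number of C2 connection attempts.
    Denied attempts count too: a blocked connection still means the host ran
    something that knew the C2 address."""
    return Counter(r["src"] for r in find_c2_hits(text, c2))


def covering_network(c2=C2_ADDRESSES):
    """Smallest single CIDR containing every C2 IP.  A hunting pivot for
    related infrastructure, not a block list: it may include unrelated hosts."""
    addrs = sorted(ipaddress.ip_address(ip) for ip in c2)
    lo, hi = addrs[0], addrs[-1]
    # Start from a /32 on the lowest address and widen until the highest fits.
    net = ipaddress.ip_network(f"{lo}/32")
    while hi not in net:
        net = net.supernet()
    return net


if __name__ == "__main__":
    for rec in find_c2_hits(SAMPLE_LOG):
        print(f'{rec["ts"]} {rec["src"]} -> {rec["dst"]}:{rec["dport"]} ({rec["action"]})')
    print("hosts:", dict(hosts_by_c2_contact(SAMPLE_LOG)))
    print("covering prefix:", covering_network())
```

Matching is on exact addresses so that the script reports only what the config supports; the covering prefix is printed separately because widening to 45.12.253.0/25 is a judgement call for hunting, not something the extracted config proves.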

Targets

    • Target

      b108df4182d465644289ca8d625ffbf9.exe

    • Size

      3.0MB

    • MD5

      b108df4182d465644289ca8d625ffbf9

    • SHA1

      cd67096e7096ba17d279825711499625a2b21c9b

    • SHA256

      3855e86e415a59e0b4a3641ca1d0620c2ebc5832bec90ba30ff017848de0f50e

    • SHA512

      a1213a83fa503bea2ed61951e11705a759458db2bc9b2a0b4e76a9c613533f7644e654ae74a74e8ab1b323943ccf5ebc80d92330e42e848dd397869918fbfa99

    • SSDEEP

      49152:zGlJfsYV48BkoYAJowu8KEgxAu5eknLSrPgyt3nHUeHAWAgtwyZpDzsehHNpAKoo:qu8Jgx127t33wguGDoetZ9WSt

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Reads the Uninstall key entries in the registry to enumerate the software installed on the system.
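The two registry signatures above (country-code lookup and Uninstall-key enumeration) can be reproduced outside the sandbox from a Process Monitor CSV export, which records RegQueryValue and RegEnumKey operations per process. The block below is an added analyst example, not code from the sandbox or from the sample: the CSV rows are constructed, and the key paths it watches (Control Panel\International\Geo\Nation and Locale for the country code, the two Uninstall keys for installed software) are assumptions about where Windows keeps that data, not keys recovered from this sample.

```python
"""Reproduce this report's two registry-discovery signatures over a Process
Monitor CSV export.  Added analyst example; CSV rows are constructed and the
watched key paths are assumptions, not keys taken from the sample."""
import csv
import io
from collections import defaultdict

# Assumed: keys holding the configured country/locale (report only says
# "country code configured in the registry").  Compared lower-case, by suffix.
LOCATION_KEYS = (
    r"\control panel\international\geo\nation",
    r"\control panel\international\locale",
)
# Assumed: native and WOW64 views of the Uninstall key.  Compared by substring
# so that both enumeration of the key and reads of per-product values match.
UNINSTALL_KEYS = (
    r"\software\microsoft\windows\currentversion\uninstall",
    r"\software\wow6432node\microsoft\windows\currentversion\uninstall",
)

# Constructed Procmon export.  explorer.exe reads the same Geo\Nation value,
# which is why the location check alone is a weak signal.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:01:02.1","b108df4182d465644289ca8d625ffbf9.exe","4120","RegOpenKey","HKCU\Control Panel\International\Geo","SUCCESS","Desired Access: Query Value"
"12:01:02.1","b108df4182d465644289ca8d625ffbf9.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"12:01:02.1","b108df4182d465644289ca8d625ffbf9.exe","4120","RegCloseKey","HKCU\Control Panel\International\Geo","SUCCESS",""
"12:01:02.3","b108df4182d465644289ca8d625ffbf9.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"12:01:02.3","b108df4182d465644289ca8d625ffbf9.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"12:01:02.3","b108df4182d465644289ca8d625ffbf9.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 1, Name: Notepad++"
"12:01:02.4","b108df4182d465644289ca8d625ffbf9.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 22, Data: 7-Zip 22.01"
"12:01:05.0","explorer.exe","1844","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Length: 8, Data: 244"
"12:01:05.0","explorer.exe","1844","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 2"
'''

LOCATION_SIG = "checks_computer_location"
SOFTWARE_SIG = "checks_installed_software"


def classify_row(operation, path):
    """Name the signature a single registry event satisfies, or None."""
    p = path.lower()
    if operation == "RegQueryValue" and any(p.endswith(k) for k in LOCATION_KEYS):
        return LOCATION_SIG
    if operation in ("RegEnumKey", "RegQueryValue") and any(k in p for k in UNINSTALL_KEYS):
        return SOFTWARE_SIG
    return None


def signatures_by_process(csv_text):
    """Map 'process:pid' to the set of signatures observed for that process."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        sig = classify_row(row["Operation"], row["Path"])
        if sig:
            hits[f'{row["Process Name"]}:{row["PID"]}'].add(sig)
    return dict(hits)


def suspicious_processes(csv_text):
    """Processes that trip both signatures.  Either alone is routine (the shell
    reads the locale, installers walk Uninstall); the pair is the triage pivot."""
    return sorted(proc for proc, sigs in signatures_by_process(csv_text).items()
                  if {LOCATION_SIG, SOFTWARE_SIG} <= sigs)


if __name__ == "__main__":
    for proc, sigs in signatures_by_process(SAMPLE_CSV).items():
        print(proc, sorted(sigs))
    print("both signatures:", suspicious_processes(SAMPLE_CSV))
```

Procmon's CSV export keeps the Detail column quoted, so the commas inside "Type: REG_SZ, Length: ..." survive the DictReader parse; the script never relies on that column, only on Operation and Path, which is also why a RegOpenKey on the Uninstall key is not counted on its own.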

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • T1012 Query Registry (2)

  • T1082 System Information Discovery (2)

Tasks