General

  • Target: 83ec2ce52ae6f243d5597ccf58111942cd48d52952337864964ac29fe4dea03a
  • Size: 3.0MB
  • Sample: 230410-svj94aec38
  • MD5: 9ce497f9fcb40cf830a32e465a6d3065
  • SHA1: 919a4f641af9b7e739f5de4ab10c8138c4aea5d2
  • SHA256: bcdff75cf29491be65435d6e95bdf06e0ad574027a5bb6251a8ba8d5bc2b7e07
  • SHA512: cf7236d1c03bf8fcdffc3d02fda70a3a4a9b15a3d5e21e16291bc99fb8761c62dd1c06c21c0e78009c437d6abd8697b18f5fded767c7227497eabbe0a78abb60
  • SSDEEP: 49152:U+2Pn4rHTRwIa0GppQUXTN2U//MWDTkCHmXnEIytVQFpcv/bDlWTyQL:iPgtwBrjN/RdHg0tVnbJWma

Malware Config

Extracted

Family: gcleaner

C2:
  • 45.12.253.56
  • 45.12.253.72
  • 45.12.253.98
  • 45.12.253.75

Targets

    • Target: 83ec2ce52ae6f243d5597ccf58111942cd48d52952337864964ac29fe4dea03a
    • Size: 3.0MB
    • MD5: 67e7d4fcd2ef117fcb034190a100ef7e
    • SHA1: 787b2c8372cc61c7de142439e5346971e2003e93
    • SHA256: 83ec2ce52ae6f243d5597ccf58111942cd48d52952337864964ac29fe4dea03a
    • SHA512: 45d66912e9af4f6d51db860f914fe5026d1c91e71e113bf1f9c9637b0f4d1f4cb79de39db3cd9537fd13fffb1c48357308a670c0eb3bf9cfdad1fd459ce4f1d5
    • SSDEEP: 49152:qGlJfsV+sv34rhbRIYaKGxZqUNTF2o/ZOWDnq6HydTCOk5VcF1cRbNDBWHygU:7cv+1IfB5Fj3HHCM575NVWSt

    • GCleaner
      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery
  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks