Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    2.7MB

  • Sample

    230412-wh1cbsfd51

  • MD5

    4b8ea5598f2b38f21b81fa2067306302

  • SHA1

    1113bcc3abc625724757fd1368d03a50af9138a4

  • SHA256

    7848d4e5adc7034e32b63d9d09414f770117f12cd1f0cd2a4643b0d5e58207d1

  • SHA512

    76c973a312894327341d0a44014227f4ea1dfced2ec903cf934a2057ca9f701e83098bf587bf45919de3253fbfb770457022f35909b9941bf61fc0ba36eed8d4

  • SSDEEP

    49152:zGlJfsUp6qqY4/9Zf2YkBnGZlIacuzaH7pslSnCb+ZPYEA8A01iIodPCD0B2V+la:qvRqY4/9ZLqn62tbSeASAiAeoO00VCgL

Score
10/10
gcleanerdiscoveryloader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      file.exe

    • Size

      2.7MB

    • MD5

      4b8ea5598f2b38f21b81fa2067306302

    • SHA1

      1113bcc3abc625724757fd1368d03a50af9138a4

    • SHA256

      7848d4e5adc7034e32b63d9d09414f770117f12cd1f0cd2a4643b0d5e58207d1

    • SHA512

      76c973a312894327341d0a44014227f4ea1dfced2ec903cf934a2057ca9f701e83098bf587bf45919de3253fbfb770457022f35909b9941bf61fc0ba36eed8d4

    • SSDEEP

      49152:zGlJfsUp6qqY4/9Zf2YkBnGZlIacuzaH7pslSnCb+ZPYEA8A01iIodPCD0B2V+la:qvRqY4/9ZLqn62tbSeASAiAeoO00VCgL

    Score
    10/10
    gcleanerdiscoveryloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks