5e028433358fa40f86a032370b0751712ad5a58f1c1817702ef24b2ba7f78782 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

CCleanerPo...64.exe

windows7-x64

7

CCleanerPo...64.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

CCleanerPortable.rar
Size

27.9MB
Sample

230425-e23hcsgd83
MD5

c851ee7dcd5b02fa326298ebf3a4e7d5
SHA1

20210613b187bd1e424506777db106d9daf8e95f
SHA256

5e028433358fa40f86a032370b0751712ad5a58f1c1817702ef24b2ba7f78782
SHA512

dd4c0b8b796b7dd43fd243d3ed5a12954870125a8987a9e18ed49e2aaa8e3a7875fa5e478468102696bb6445a972f6519340b4ed7d8999cf9f8148a3c595e6e8
SSDEEP

786432:do2htg40g1J+gHK8wyODTTQ8Zwsp7VinrJ4pKrnfNM+FkHDpr/:doGtg40gr+gq8wyMZppinrlTfNFkjpT

Score

7^/10

bootkit discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

CCleanerPortable/App/CCleaner/CCleaner64.exe

Resource

win7-20230220-en

bootkit discovery persistence spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

CCleanerPortable/App/CCleaner/CCleaner64.exe

Resource

win10v2004-20230220-en

bootkit discovery persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  CCleanerPortable/App/CCleaner/CCleaner64.exe
- Size
  
  37.2MB
- MD5
  
  e95ec48a87f2678c5d3e56b0ce6d62e3
- SHA1
  
  67c9170d6959e2f0ecf207485d6cff1c54b865fd
- SHA256
  
  b1a39b80a44eaf7d840e6ea44278e51c0ded2f74c8e71b54a3c4e9c1cb8d3397
- SHA512
  
  395c74abfa710d7d6089ba5c4c97bb193cbd2d94df56d96f9f26c844f41765a89f70473ed4b8e3af73a3c11a30a87c3b169969cb04057aee672927d4b902b65b
- SSDEEP
  
  393216:kaZt9YfmEt2Fi4A5NrOFdjXeiITlfFrqNwIIDlQhSEAewYnh:koumA2zAahOieIIRQ7H
Score

7^/10

bootkit discovery persistence spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencespywarestealer

behavioral2

bootkitdiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy