c2b88b7c0e3a630f69c35d3d476a01c38f83fca3efbba10e55188e0264ff56d6

Sharing

Copy URL

Twitter E-mail

General

Target

CCleaner.Technician.6.12.10490.Portable.rar
Size

27.5MB
Sample

230520-vdxvzade77
MD5

3daf322c7167332c47b768ec97059890
SHA1

afe3bdbbc5b1285ce14f135a905b652ae3ab3010
SHA256

c2b88b7c0e3a630f69c35d3d476a01c38f83fca3efbba10e55188e0264ff56d6
SHA512

7dfc44aa1a87427ed019dc3ab2724b23461584e0f8078a0fc0280d3d266778ab4ca18b41c52de98abae039506f4cbe7a267f2181be29664d8aa11aed31511f3e
SSDEEP

393216:wcyHO5JRbpNnZN1fuhmqfyE61oEA2vGDLMt7fW1ghVbBoI1xYvK9vudPX5XDefaR:wXHGJJqLlMt7u8bBogKipiPF/Xa4X

Score

8^/10

Malware Config

Targets

- Target
  
  CCleaner.Technician.6.12.10490.Portable.rar
- Size
  
  27.5MB
- MD5
  
  3daf322c7167332c47b768ec97059890
- SHA1
  
  afe3bdbbc5b1285ce14f135a905b652ae3ab3010
- SHA256
  
  c2b88b7c0e3a630f69c35d3d476a01c38f83fca3efbba10e55188e0264ff56d6
- SHA512
  
  7dfc44aa1a87427ed019dc3ab2724b23461584e0f8078a0fc0280d3d266778ab4ca18b41c52de98abae039506f4cbe7a267f2181be29664d8aa11aed31511f3e
- SSDEEP
  
  393216:wcyHO5JRbpNnZN1fuhmqfyE61oEA2vGDLMt7fW1ghVbBoI1xYvK9vudPX5XDefaR:wXHGJJqLlMt7u8bBogKipiPF/Xa4X
Score

3^/10
behavioral1 behavioral2
- Target
  
  CCleaner.Technician.6.12.10490.Portable/App/CCleaner/CCleaner.exe
- Size
  
  32.7MB
- MD5
  
  79c9b293cfcf00a925b9c2de29551788
- SHA1
  
  d9df445c7abb906ef54638865f3faabf2b054b38
- SHA256
  
  8be625c9d9b17ec6529957221ef1ee951803fae647cf74c46382723b46fb626b
- SHA512
  
  bfba25f62c480a21ae85911634cdd3c9f17a976bfcaed1130a5c253aa20a4b1612475c5ebb02b23978938979a7b3d393cb0e94592b81e192d1fcbedeead5deef
- SSDEEP
  
  393216:I0OM+LR8MO0cz36nEy9larq8x2rxrxPCgQ/P9cND0oDtg8XrqNuIpfkl9hSkAePy:78LRFOr3hrD2rtZYHGVFIpg9PgKU
Score

6^/10

bootkit persistence
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral3 behavioral4
- Target
  
  CCleaner.Technician.6.12.10490.Portable/App/CCleaner/CCleaner64.exe
- Size
  
  38.6MB
- MD5
  
  964d6247907a943b157f46222b9e0081
- SHA1
  
  59490157579368cb36206f41f6e6a358ffa8d867
- SHA256
  
  6361b1927a8688276f234b01102cc252d1635516ffd2208d9f0c96212bfd0149
- SHA512
  
  8c1ed9885f8c9159cc070c75421655f41ff0671d27c424c7e8774eaf9b18a9521a8153b38e0f555a568f5554dbf5bcb379276327c68761a125ae9ef19bf1ebe4
- SSDEEP
  
  393216:knsB9c3+rEF/mxhPR+GPJHV9sRSCcRhLlDVrqNXzuIIrl9hSkAePYnh:ksB9cOrFPfZXsRSCcn3IIJ9Pg
Score

7^/10

bootkit discovery persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  CCleaner.Technician.6.12.10490.Portable/App/CCleaner/branding.dll
- Size
  
  49KB
- MD5
  
  44eaad1c89dd71258c31c7c4fd00b404
- SHA1
  
  125e71b27ad8371a895b2ee03383b6bc81cdabeb
- SHA256
  
  3fcdf0a04421dc1415c1c3fcf8ea072ad6396ece36d0f67de1a8dc66103e74d9
- SHA512
  
  d6807c7282001198344225f479e39d2b4b8955b1aadbe64b7915160b973bce304645fd05f9810cf005a3eb95510c1e5e880af94236b0f6aff3f506b81fd907db
- SSDEEP
  
  768:zzp6EMd6r10BuYMoH17aiT22DbssEKh6J5nmS2ky2uDDaaCYi/iPxWEdNrBb:zN+4r10fdKEQPKYJqo76PxpF
Score

1^/10
behavioral7 behavioral8
- Target
  
  CCleaner.Technician.6.12.10490.Portable/App/DefaultData/CCleaner/Winapp2.ini
- Size
  
  944KB
- MD5
  
  b44e2c2e59443dfbe362777bec626675
- SHA1
  
  8530fe37794fbf667640e760346867dbee28fb14
- SHA256
  
  c9f05be4f6320624614a3a9af7e653a83d4f5fafe6eb21b3ed3ad3aca75acad2
- SHA512
  
  19f72895e4dd3032a5132d1ac6f23a798e5676b1d233276121aa713bae95f3b353ffe84fc86c90e8dbbd10959b27f7415d0983717b832480746f30f5a066068a
- SSDEEP
  
  12288:4FZg2wFqiMpykyaMdccHoozgQKwmYr/p4xxR+7j3NsLEQAI/CYltS34YbiU/XFJT:RFu7AI/CYEh
Score

1^/10
behavioral10 behavioral9
- Target
  
  CCleaner.Technician.6.12.10490.Portable/CCleanerPortable.exe
- Size
  
  83KB
- MD5
  
  5aeed26e8407efdba31fc41fbe2014dd
- SHA1
  
  d3284d5441d3c5ec9fa50c0aba100ed0d93f5c79
- SHA256
  
  c63a1798b3d1884fd9fefda4a4fca2692ac14c56252b8238c55ce2f00edfb5f8
- SHA512
  
  df1fda897f5a92cb9569fb9139656fd0f80f4b4f8c430e6fcfa246221cc0810157b3fd5a7772203f969f71471964345420e1635538adee5ee199a0aba1f44e28
- SSDEEP
  
  1536:MQpQ5EP0ijnRTXJeTHUAQBKnTu73/Cp1jnFYicR5Ca7S1gU5kE4s:MQIURTXJeTUAQBma73/Cbnr45Ca76gTs
Score

8^/10

bootkit persistence
- Drops file in Drivers directory
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral11 behavioral12
- Target
  
  CCleaner.Technician.6.12.10490.Portable/Data/CCleaner/Winapp2.ini
- Size
  
  944KB
- MD5
  
  b44e2c2e59443dfbe362777bec626675
- SHA1
  
  8530fe37794fbf667640e760346867dbee28fb14
- SHA256
  
  c9f05be4f6320624614a3a9af7e653a83d4f5fafe6eb21b3ed3ad3aca75acad2
- SHA512
  
  19f72895e4dd3032a5132d1ac6f23a798e5676b1d233276121aa713bae95f3b353ffe84fc86c90e8dbbd10959b27f7415d0983717b832480746f30f5a066068a
- SSDEEP
  
  12288:4FZg2wFqiMpykyaMdccHoozgQKwmYr/p4xxR+7j3NsLEQAI/CYltS34YbiU/XFJT:RFu7AI/CYEh
Score

1^/10
behavioral13 behavioral14
- Target
  
  CCleaner.Technician.6.12.10490.Portable/Other/Source/CCleaner.ico
- Size
  
  18KB
- MD5
  
  34a97908449c77fe6eb3dd36e6504d45
- SHA1
  
  f04a09f0f74714fcbfffc475bf749b56c8a25c2e
- SHA256
  
  e53228b0a17a8876ed337e0f23b653056036f21da0eb16c68ec7f427f3e2f9a1
- SHA512
  
  cd84569bd13f3a60bbf04599696bb37eb897c0a2da3693433db050d6d545918200b00001ebed896c529f47429fcc54082cd35de51af7b720cf00b6c6b3b42662
- SSDEEP
  
  384:qDbknhPp6G+05FGZq6hq1dCSLQQB2DsDMVy:cknhR3CHhqXQQB2DsDH
Score

3^/10
behavioral15 behavioral16
- Target
  
  CCleaner.Technician.6.12.10490.Portable/Other/Source/_CCleanerPortable.nsi
- Size
  
  7KB
- MD5
  
  72cf3fea8bb60b5aeaf3a9d149dc001e
- SHA1
  
  af93cf58fdad6d165345129df3a283c87e2fa964
- SHA256
  
  41bf7f7b142b9b6cbef6a056b32a6aadd3c3516c57a7014b0a793c1b545cc10a
- SHA512
  
  94f65ab617a980fb0fec6b332a28bd260cc2d5ae01fd5ae916b52d32905f75499344155c41f56aa320c8c624992e294e22560c9d8b94a5021d5006e3fe91e9bb
- SSDEEP
  
  192:0USjHN+9CLELx4IVL25hOZLQJdwvIHsGJT9tq71vmtqE:0USjHN+MLELx4IVLgsuJdUIMyC5vmtL
Score

3^/10
behavioral17 behavioral18
- Target
  
  CCleaner.Technician.6.12.10490.Portable/Other/Source/_CCleanerPortableInstaller.nsi
- Size
  
  17KB
- MD5
  
  0bb9a76eb7d3ec27349c7a4865ae820b
- SHA1
  
  8893c96ec64383da352e3cc9e6c5e46cc1e9e041
- SHA256
  
  8bb0edc9deb8f63faa50e8c51ec62f919ba3c55eaa33702545dd36b5d49ba5c4
- SHA512
  
  f94e8985c545ee5f558874e718237c5fb201b21e5d1dac486ac7d752e65c4473d444c7f44ca2487e9108e1f225cafb981dd99477cbe934dc550d6ac1105999ef
- SSDEEP
  
  384:QBUAU2Hy+zKlJ1O3fRqqIgwrHioXmKdTRgpxd/D40kkxYj2w6dkRlOa/gqeHh++C:QBuaav
Score

3^/10
behavioral19 behavioral20
- Target
  
  CCleaner.Technician.6.12.10490.Portable/Other/_Include/7-Zip/7z.dll
- Size
  
  1.1MB
- MD5
  
  1d609dde1bf42bd586dc6ffd9baec9ad
- SHA1
  
  5fbef0f1da6ddb894e66ec9fb2940b2a6e2528c4
- SHA256
  
  8621c36f640b15e24432289fa6576cfc0650b58ec7dc4e9bb368f770a7d1e063
- SHA512
  
  d47b3aa894051df6b95dd8b691d8547cd2ab6f483f2d9251e17eb04487c89fbd109f64bf2bfbc37c907436af5a9af71493d70bd5497f155dc0d79123c141ccc6
- SSDEEP
  
  24576:k//aDLAVLLZmB2jv1ZQbsx74v1ccjeIMasrPCjn/+WSiL+t:k/ELAzmB2jv1ZQb5vP+Cj+WSW+
Score

3^/10
behavioral21 behavioral22
- Target
  
  CCleaner.Technician.6.12.10490.Portable/Other/_Include/7-Zip/7z.exe
- Size
  
  322KB
- MD5
  
  e96ca76c61c71b3f424659d34a70e55e
- SHA1
  
  2f2fc7fd4d9bd3700e24fc74edb0993f224cd782
- SHA256
  
  604bbefa936ec531bad588a0faaf7df22d9b0187afda4fac1c04018948e831fc
- SHA512
  
  563dc747f0d3dd79b8ea5caf8e487273645a38638cf06099db114108233fda002dfd189bafb57255c7b300b2270c1d1783394a6d9ee0eac7113329ae39ed4373
- SSDEEP
  
  6144:7+FT3ZEFMicDwJytw9ppYII4n0nNF8Ar08gz+f6dI7r/DNI:7+wMiFctw9pCIh0nNPr/gwrNI
Score

1^/10
behavioral23 behavioral24
- Target
  
  CCleaner.Technician.6.12.10490.Portable/Other/_Include/Installer.bmp
- Size
  
  51KB
- MD5
  
  6e9d8e8699f0accc27aa9a1aac8b7e47
- SHA1
  
  49caad3187ae8708b36889cad40a959679b52f25
- SHA256
  
  fbddcd7882e0cf80452e58356e4d497ee6f08921665e27bd86049a0bb60d6be9
- SHA512
  
  84f00c25371c6394e2a96640a344f1d7f9d35a2cf9080565cb03f3ae2f14bdbef05e3597a7943faadc201e847ada2ac0843347a375a58e267cb0948e397a226b
- SSDEEP
  
  384:CaMEOFCq0dsgN/Lf53J/Q3BZCeVMz6aIlmXDT2lw6F0e53+Q09cPc/dSP:XMEyX0dF//Q3bCekBiFpHAi
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral25 behavioral26
- Target
  
  CCleaner.Technician.6.12.10490.Portable/Other/_Include/Installer.nsh
- Size
  
  5KB
- MD5
  
  45af5430552609fe766493dd02fbc3b8
- SHA1
  
  8e912d9bd4b72cf15fc4a1346f2cc677beb29161
- SHA256
  
  4d2de35891814dd77ec372f3d9204813a30c3e89512768d4db283a76d07e3194
- SHA512
  
  cc3228a6e531381d20da09d374a1b1d3d0583f82278f5c3578d0e98e1888bb3ce66bef5b44510cccf3b5db4abfe6bbab660fa7c703ddbaebbc7d9e4a25bab9e9
- SSDEEP
  
  96:8Yu0E183yDYr0NUNojOf7uKlSVdeY583RBJns3HeB8TgQ:8t0E18CDYr0NUNoCj5LY8Vs3HvTgQ
Score

3^/10
behavioral27 behavioral28
- Target
  
  CCleaner.Technician.6.12.10490.Portable/Other/_Include/Launcher.nsh
- Size
  
  14KB
- MD5
  
  526ef23976b8e0e0d9c23ce575cc91ca
- SHA1
  
  335bde5372f9c36a6d668d40915163cbf341fbb8
- SHA256
  
  b86841e8407d81da7bc51965e58a26a41a6760e2ef62489a5fca2f8830c2bb53
- SHA512
  
  d66772ba0999c3f75f2a6dfc7fb68d50621cbeff6bcc3213145018a8c9a48e591f2e4a76f087e0ab05155c67cfff746f7c74f45550c5dc463cd4c4df93627ccf
- SSDEEP
  
  384:gXzl1lm5uEVRLwEzVEaOQm0bSxkKp7ELpI6RhfaNUdK2HhqJ9mzU/YMI7p2wFozl:yzl1LXQm0e2KJypI63S2g2UICMph05/P
Score

3^/10
behavioral29 behavioral30
- Target
  
  CCleaner.Technician.6.12.10490.Portable/Other/_Include/Splash.bmp
- Size
  
  42KB
- MD5
  
  a4f20461b93fe1c21bb85fa6a01db6b5
- SHA1
  
  7f44b55285fa5da77708ccf07d1b5fca6cac346a
- SHA256
  
  e40d812697c440bb47ba4c1d33b41bb0e9b984b24fd724febac747e229915f42
- SHA512
  
  bf735429294ce6e39b80e82e6677802548ea4e8463113dc10b49d249bc4bb65d03fb9cdcea5cabd73c157b75435e06211747b6837575e67665b464a5eb50003c
- SSDEEP
  
  384:U0MF+uAzAq21Wb9ElgniP+MawBcl6kD6T+Q9l2:LkAz3bb9EOniROD6Tbm
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks for any installed AV software in registry

Writes to the Master Boot Record (MBR)

Reads user/profile data of web browsers

Checks for any installed AV software in registry

Writes to the Master Boot Record (MBR)

Checks computer location settings

Drops file in Drivers directory

Loads dropped DLL

Checks for any installed AV software in registry

Writes to the Master Boot Record (MBR)

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32