General

  • Target

    file.exe

  • Size

    2.1MB

  • Sample

    230624-mxs25aca9x

  • MD5

    bd1b8f79433c29955278c3fbcd9096f9

  • SHA1

    07f2592afa191014ead41399639c11bdf8424609

  • SHA256

    bf1e6887eae7ff57e6ce8355e63829532807b64599c60c2a378faad2522f3ce5

  • SHA512

    fd1cdaa93523f9ad8129852a231e019309a7ab34ec4776b2dde27224b3d42749fe99e816897f8cd9e1452c57774c2d7705c0aa382e3a1b53e50c3c8efd15a76d

  • SSDEEP

    49152:zGwPVIUWxUXbEx5Eo0C3emuRggECvbWh+5aUUwqQC6fN6O:qwK6PLCO/5vbWyaUuQCwYO

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      file.exe

    • Size

      2.1MB

    • MD5

      bd1b8f79433c29955278c3fbcd9096f9

    • SHA1

      07f2592afa191014ead41399639c11bdf8424609

    • SHA256

      bf1e6887eae7ff57e6ce8355e63829532807b64599c60c2a378faad2522f3ce5

    • SHA512

      fd1cdaa93523f9ad8129852a231e019309a7ab34ec4776b2dde27224b3d42749fe99e816897f8cd9e1452c57774c2d7705c0aa382e3a1b53e50c3c8efd15a76d

    • SSDEEP

      49152:zGwPVIUWxUXbEx5Eo0C3emuRggECvbWh+5aUUwqQC6fN6O:qwK6PLCO/5vbWyaUuQCwYO

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks