General

  • Target: file
  • Size: 2.0MB
  • Sample: 230625-gc27eaeb7z
  • MD5: eba9531805b1577ae2a8911bcc6d2b04
  • SHA1: ab354a9b2b09f18e7b40f4f47025256148d9f788
  • SHA256: a9d91b57e0d37b08b87d1f616b937ee756c6e006e3e8a0de21c8eab981e921d1
  • SHA512: 419da7e7893323a464ee5a3189422fa4012aafa7b47f81c6908d9385a0d22b5de30f627f09cc273567f71a013836f8757a787cf65eb3fae9e4cace2b0678c71e
  • SSDEEP: 49152:7GYPVIfenY4Y5Kqmoz3iAOUpqi6EGfBJZtgQS6fN6O:CYKb4YkdsstE0BJQwYO

Malware Config

Extracted

  • Family: gcleaner
  • C2: 45.12.253.56, 45.12.253.72, 45.12.253.98, 45.12.253.75

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks