General

  • Target

    ReiSpacer71.exe

  • Size

    1.1MB

  • Sample

    230701-lqwn1agf36

  • MD5

    0939478424b4e0baae2b2647bfa9e9c5

  • SHA1

    08d3d79a25a85b02ce8e5318aa88859996bce6f8

  • SHA256

    02f02df3f94bf36833832419cd9a0621358fefdcdfca2b33bb8d70de295740d0

  • SHA512

    21e0ab67ce3c804e24155d4f3762369b2d05261ab9a5d2687904c11c8e03421f0bbbdb6c6bfb6491839abac52ca394a4be09880db191cc12bcb4957243be2636

  • SSDEEP

    24576:NZ+5QVAEp70Fcrcz8qBwNmi1oaOnWox/Sm4ea+UT:250Nqg5xp0UjT

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks