General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230702-1v2hdadg39

  • MD5

    7fcf0d6173ea334c0661f7b5c173f11c

  • SHA1

    fbe789bd8058016f26ade5c42e7324f1f7a3a5ee

  • SHA256

    a4e9be0e8ecc1a6b29ede8c7fe20ff4d63af12faefc89b3279c6c3060f2824da

  • SHA512

    dc0368742b417ab5523713ba2e50b7cfe5b926590e2d2f6f3079fa24cef0b3777cb160d9d45f2e9b25de41ef9d6022461e49ee956b37c24a43f0577fcd6d083c

  • SSDEEP

    24576:JfOyj9Wt2HUg3NmTuviFcRfSG2sd4pVQpDo4Azl1knNUWCMW6:JGg9SgdmTGHfsstkl+vT

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75
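
The digests and C2 addresses above are the actionable indicators in this report. The following Python script is an added example, not part of the sandbox report, showing how a responder would consume them: it re-hashes a candidate file with all four algorithms in one pass and checks agreement with the report, scans firewall log lines for the listed C2 addresses, derives the smallest prefix covering them as a hunting pivot, and emits a Suricata rule for the exact list. The firewall log lines are constructed for the example, and the Suricata sid is a local placeholder; everything else is copied from the report.

```python
import hashlib
import io
import ipaddress
import re

# Indicators copied from the report: the sample's digests and the C2 list
# extracted from the gcleaner config.
REPORT_HASHES = {
    "md5": "7fcf0d6173ea334c0661f7b5c173f11c",
    "sha1": "fbe789bd8058016f26ade5c42e7324f1f7a3a5ee",
    "sha256": "a4e9be0e8ecc1a6b29ede8c7fe20ff4d63af12faefc89b3279c6c3060f2824da",
    "sha512": "dc0368742b417ab5523713ba2e50b7cfe5b926590e2d2f6f3079fa24cef0b3777cb160d9d45f2e9b25de41ef9d6022461e49ee956b37c24a43f0577fcd6d083c",
}
C2_IPS = ("45.12.253.56", "45.12.253.72", "45.12.253.98", "45.12.253.75")


def hash_stream(fh, chunk_size=1 << 20):
    """Compute all four digests in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def compare_with_report(digests):
    """Names of the digests that agree with the report. All four agree for the
    sample itself; none agree for an unrelated file; anything in between means
    a transcription error somewhere and should be investigated, not ignored."""
    return {name for name in REPORT_HASHES if digests.get(name) == REPORT_HASHES[name]}


IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def c2_hits(log_lines):
    """(line number, address) for every log line that mentions a listed C2."""
    wanted = set(C2_IPS)
    return [(n, ip) for n, line in enumerate(log_lines, 1)
            for ip in IPV4_RE.findall(line) if ip in wanted]


def shared_network(ips):
    """Smallest IPv4 prefix covering every listed C2. Use it as a hunting pivot
    (what else talked to this range?), not as a block list: the report only
    vouches for the four exact addresses."""
    addrs = [ipaddress.ip_address(ip) for ip in ips]
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    while not all(a in net for a in addrs):
        net = net.supernet()
    return net


def suricata_rule(sid=1000001):
    """IP-layer rule for the exact C2 list; the sid is a local placeholder."""
    return ('alert ip $HOME_NET any -> [{}] any '
            '(msg:"gcleaner C2 from sandbox report"; sid:{}; rev:1;)'
            ).format(",".join(C2_IPS), sid)


# Constructed firewall log used to exercise c2_hits. The last line is a near
# miss in a neighbouring /24 and must not match.
SAMPLE_FIREWALL_LOG = [
    "2023-07-02T12:01:03Z allow 10.0.0.15:51234 -> 203.0.113.10:443 tcp",
    "2023-07-02T12:01:09Z allow 10.0.0.15:51240 -> 45.12.253.56:80 tcp",
    "2023-07-02T12:01:11Z deny 10.0.0.15:51241 -> 45.12.253.72:80 tcp",
    "2023-07-02T12:02:40Z allow 10.0.0.22:49152 -> 45.12.254.98:443 tcp",
]

if __name__ == "__main__":
    print(compare_with_report(hash_bytes(b"not the sample")))
    print(c2_hits(SAMPLE_FIREWALL_LOG))
    print(shared_network(C2_IPS))
    print(suricata_rule())
```

Check a suspect file with `compare_with_report(hash_file("file.exe"))`; a full set of four names is a confirmed match. The four C2 addresses all sit inside 45.12.253.0/25, which is worth a retrospective search over proxy and NetFlow data, but only the four exact addresses are supported by the report.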

Targets

    • Target

      file.exe

    • Size

      1.1MB

    • MD5

      7fcf0d6173ea334c0661f7b5c173f11c

    • SHA1

      fbe789bd8058016f26ade5c42e7324f1f7a3a5ee

    • SHA256

      a4e9be0e8ecc1a6b29ede8c7fe20ff4d63af12faefc89b3279c6c3060f2824da

    • SHA512

      dc0368742b417ab5523713ba2e50b7cfe5b926590e2d2f6f3079fa24cef0b3777cb160d9d45f2e9b25de41ef9d6022461e49ee956b37c24a43f0577fcd6d083c

    • SSDEEP

      24576:JfOyj9Wt2HUg3NmTuviFcRfSG2sd4pVQpDo4Azl1knNUWCMW6:JGg9SgdmTGHfsstkl+vT

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run, or selecting a payload, based on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
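
Two of the signatures above (the country-code lookup and the Uninstall key enumeration) are registry-read behaviours, which Sysmon does not record but a sandbox or Process Monitor trace does. The script below is an added example, not part of the report or the sandbox's own signature engine, showing how those two signatures can be reproduced over such a trace and how to avoid flagging the Uninstall enumeration on its own, since installers and inventory agents do the same. The registry paths in SIGNATURES are assumptions about where Windows stores the locale and installed-software data; the report does not name the keys the sample touched. The trace lines are constructed.

```python
import csv
import io
import re
from collections import defaultdict

# Assumed registry locations for the two behaviours named in the report.
# The report says only "country code configured in the registry" and
# "Uninstall key entries"; the paths are ours, not taken from the sample.
SIGNATURES = {
    "Checks computer location settings": re.compile(
        r"\\control panel\\international\\(geo\\nation|localename|scountry)$"
        r"|\\control\\nls\\language\\", re.I),
    "Checks installed software on the system": re.compile(
        r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall(\\|$)",
        re.I),
}

# Constructed Process Monitor-style trace: process, operation, path, result.
# file.exe does both lookups; msiexec.exe legitimately enumerates Uninstall;
# explorer.exe touches an unrelated key.
SAMPLE_TRACE = """\
file.exe,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation,SUCCESS
file.exe,RegEnumKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall,SUCCESS
file.exe,RegOpenKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ExampleApp,SUCCESS
msiexec.exe,RegEnumKey,HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall,SUCCESS
explorer.exe,RegQueryValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden,SUCCESS
"""

FIELDS = ("process", "operation", "path", "result")


def parse_trace(text):
    """Parse the CSV trace into dicts; blank lines are skipped."""
    return [dict(zip(FIELDS, row)) for row in csv.reader(io.StringIO(text)) if row]


def classify(path):
    """Signature names whose pattern matches one registry path."""
    return {name for name, pattern in SIGNATURES.items() if pattern.search(path)}


def summarize(events):
    """Union of signatures hit by each process across the whole trace."""
    per_process = defaultdict(set)
    for ev in events:
        per_process[ev["process"]] |= classify(ev["path"])
    return dict(per_process)


def suspicious(summary):
    """Uninstall enumeration alone is routine (installers, updaters, inventory
    agents); require the locale lookup as well before flagging a process."""
    return sorted(p for p, sigs in summary.items() if len(sigs) == len(SIGNATURES))


if __name__ == "__main__":
    summary = summarize(parse_trace(SAMPLE_TRACE))
    for process, sigs in summary.items():
        print(process, sorted(sigs))
    print("flagged:", suspicious(summary))
```

On the constructed trace, msiexec.exe is reported under the installed-software signature but not flagged, while file.exe, which performs both lookups, is. The same split is the right way to read the report's signature list: the geofence check is the discriminating behaviour, the software enumeration is corroboration.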

MITRE ATT&CK Enterprise v6

Tasks