General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230702-a87nfaab52

  • MD5

    fa7aba50318c823681416c91cc25bede

  • SHA1

    d09d87d4c7d2a6566a03bb0dbca59172f5b4af0e

  • SHA256

    dd6bc30663f160f11a68c76e824442057d3546a5d7c795fd5b77770f7c1b5e1b

  • SHA512

    c04157aeee9dd4c15d36065dee9f84d107f38d4dc622291ccbce370593b0fd6896ec31063c3b9607e3491ca3e6cec764c5f6b024096e7c4d18529137a0f735d5

  • SSDEEP

    24576:OfOyF0hEGdTQXEfiQ65DIHJ0HnzbfvhZvqvGK1rARpJjBBp/D:OG1Es764J0HvH1g2pvBp

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75
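The extracted C2 addresses above and the file hashes in the General section are the indicators a responder would actually pivot on. The following is an added example, not part of the sandbox report or the analysed sample: it loads those indicators, runs them over a handful of constructed log lines (the `net`/`file` key=value format is hypothetical and exists only so the example runs offline), and also offers a helper that checks a local file's digests against the report. Matching on the whole destination token rather than a substring matters: the constructed line for 145.12.253.56 must not fire on the 45.12.253.56 indicator.

```python
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report above: C2 addresses from the extracted
# gcleaner config, file digests from the General section.
C2_IPS = {"45.12.253.56", "45.12.253.72", "45.12.253.98", "45.12.253.75"}
SAMPLE_HASHES = {
    "md5": "fa7aba50318c823681416c91cc25bede",
    "sha1": "d09d87d4c7d2a6566a03bb0dbca59172f5b4af0e",
    "sha256": "dd6bc30663f160f11a68c76e824442057d3546a5d7c795fd5b77770f7c1b5e1b",
}

# Constructed sample telemetry (hypothetical format: "<timestamp> <event type> k=v ...").
# Not real data; the 145.12.253.56 line is a deliberate near-miss for a substring match.
SAMPLE_LOG = """\
2023-07-02T09:58:01Z net src=10.0.0.5 dst=142.250.74.46 dport=443 proto=tcp
2023-07-02T09:58:14Z file host=WS01 path=C:\\Users\\bob\\Downloads\\file.exe sha256=dd6bc30663f160f11a68c76e824442057d3546a5d7c795fd5b77770f7c1b5e1b
2023-07-02T09:58:20Z net src=10.0.0.5 dst=45.12.253.56 dport=80 proto=tcp
2023-07-02T09:58:21Z net src=10.0.0.5 dst=145.12.253.56 dport=80 proto=tcp
2023-07-02T09:58:33Z file host=WS01 path=C:\\ProgramData\\x.exe md5=FA7ABA50318C823681416C91CC25BEDE
2023-07-02T09:59:02Z net src=10.0.0.7 dst=45.12.253.98 dport=443 proto=tcp
"""

_KV = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Match:
    timestamp: str
    kind: str        # "c2" for a network hit, "hash" for a file-digest hit
    indicator: str   # the indicator value that matched
    line: str        # the raw log line, kept for the analyst


def parse_line(line):
    """Split '<ts> <type> k=v k=v ...' into (ts, type, {k: v}); None if malformed."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return None
    ts, kind, rest = parts
    return ts, kind, dict(_KV.findall(rest))


def match_iocs(log_text, c2_ips=C2_IPS, hashes=SAMPLE_HASHES):
    """Return every line whose destination is a known C2 or whose digest is the sample's."""
    hits = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        ts, kind, fields = parsed
        if kind == "net":
            # Exact membership on the whole address token: a substring test such as
            # any(ip in raw for ip in c2_ips) would also fire on 145.12.253.56.
            dst = fields.get("dst")
            if dst in c2_ips:
                hits.append(Match(ts, "c2", dst, raw))
        elif kind == "file":
            # Digests are compared case-insensitively; tools disagree on hex case.
            for algo, expected in hashes.items():
                if fields.get(algo, "").lower() == expected:
                    hits.append(Match(ts, "hash", expected, raw))
    return hits


def digests(path, algos=("md5", "sha1", "sha256")):
    """Compute the report's digest set for a local file, streaming to keep memory flat."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def verify_sample(path, expected=SAMPLE_HASHES):
    """Map each algorithm to whether the file at `path` matches the reported digest."""
    actual = digests(path, tuple(expected))
    return {algo: actual[algo] == expected[algo].lower() for algo in expected}


if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_LOG):
        print(f"{hit.timestamp} {hit.kind:4} {hit.indicator}  <- {hit.line}")
```

In production the `SAMPLE_LOG` constant would be replaced by a stream from the proxy, EDR or NetFlow source, and `verify_sample` is what you run against a quarantined binary before assuming it is the same build as the one analysed here; a matching SHA256 is the only one of the three that should be treated as conclusive.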

Targets

    • Target

      file.exe

    • Size

      1.2MB

    • MD5

      fa7aba50318c823681416c91cc25bede

    • SHA1

      d09d87d4c7d2a6566a03bb0dbca59172f5b4af0e

    • SHA256

      dd6bc30663f160f11a68c76e824442057d3546a5d7c795fd5b77770f7c1b5e1b

    • SHA512

      c04157aeee9dd4c15d36065dee9f84d107f38d4dc622291ccbce370593b0fd6896ec31063c3b9607e3491ca3e6cec764c5f6b024096e7c4d18529137a0f735d5

    • SSDEEP

      24576:OfOyF0hEGdTQXEfiQ65DIHJ0HnzbfvhZvqvGK1rARpJjBBp/D:OG1Es764J0HvH1g2pvBp

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (the loader checks the victim's locale before deciding whether to run).

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system, which also lets the loader spot analysis tools and profile the host before dropping payloads.

MITRE ATT&CK Enterprise v6

Tasks