General

  • Target: file.exe
  • Size: 1.2MB
  • Sample: 230702-bsyk9sbd3z
  • MD5: f2c582462a4fba2085d1136a1970e802
  • SHA1: 3fd5d2222fcea1470b30cc2ba93b416ee384dae6
  • SHA256: 2c3797129f5d7a4e77af52d590e88187b073931a7a2b3d9bd51e588608880814
  • SHA512: 36ba022c296ed3494a03670e7cd46b168f0f540addca604ab71e845428e8d962b676dd2f85fb4ea76569ea91a16e3569f0c33518ba0cb00628b890fe5f1c1667
  • SSDEEP: 24576:OfOyK6ypZ3RT5J/K092mNKllYlesvIO+0QP1rARpJjBBp/D:OGt6iK0NNslUesQHd92pvBp

Malware Config

Extracted

  • Family: gcleaner
  • C2:
    45.12.253.56
    45.12.253.72
    45.12.253.98
    45.12.253.75

Targets

    • GCleaner: GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
