General

  • Target

    RejSpacer72.exe

  • Size

    1.1MB

  • Sample

    230702-f7zjbsag42

  • MD5

    bd481fbe21d690f2e15243f233fe1f92

  • SHA1

    afd3b8d8c9e75b748d759e7fa73d5a1470e08a13

  • SHA256

    cb6f91dc0ef15705a4449ece2ee7324c9e24a75dbf852651d095179dcaf2739b

  • SHA512

    8a4790612726cf81ea5b22bec9a18f29cf89c2afa8b8682ce53bcce54aaf112db3e3d219aa6d5996b1ef79269ec5946210c67eba4fc12932b993b90839dfbc41

  • SSDEEP

    24576:QhIpFgNyp/e06M4Vn5JL/OJoHG87aq9lWVJ:kwvN4V5J3J2

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      RejSpacer72.exe

    • Size

      1.1MB

    • MD5

      bd481fbe21d690f2e15243f233fe1f92

    • SHA1

      afd3b8d8c9e75b748d759e7fa73d5a1470e08a13

    • SHA256

      cb6f91dc0ef15705a4449ece2ee7324c9e24a75dbf852651d095179dcaf2739b

    • SHA512

      8a4790612726cf81ea5b22bec9a18f29cf89c2afa8b8682ce53bcce54aaf112db3e3d219aa6d5996b1ef79269ec5946210c67eba4fc12932b993b90839dfbc41

    • SSDEEP

      24576:QhIpFgNyp/e06M4Vn5JL/OJoHG87aq9lWVJ:kwvN4V5J3J2

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v6

Tasks