General

  • Target: file.exe
  • Size: 1.1MB
  • Sample: 230702-sf581sbh62
  • MD5: 6efed94141baaad0bcd8849ba910c7fa
  • SHA1: 74544c7207a89f7aa386115147b2a119dd4baf3c
  • SHA256: 878089116b0342bf962ed58a5c51ab9dbe845d7f64843cbf0dea9a000baad892
  • SHA512: 40f8df85b5a3d3307f8118502955149a41a685b6932829745f277c223f15e9e89c3b7449840f8d793215f795821705c94a54833e8827b6bb5d18b8cbefc3a831
  • SSDEEP: 24576:JfOyI9dtFxGG7BJxocnK+rMsD1oQtZX77gRVqnWnNUWCMW6:JGnTxGEycnrM81ro3qnWvT

Malware Config

Extracted

  • Family: gcleaner
  • C2:
    45.12.253.56
    45.12.253.72
    45.12.253.98
    45.12.253.75

Targets

    • GCleaner
      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
    • Checks computer location settings
      Looks up the country code configured in the registry, likely used as a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v6