General

  • Target: file.exe
  • Size: 1.1MB
  • Sample: 230702-thxkbsca24
  • MD5: 7d1a91696462a80b83fe045ceeb473ad
  • SHA1: d9f15ef9fd2453ab267fc472496a73d49bf8866c
  • SHA256: 95b92e2a259749734d8fd7f1e146423f9c8af94ef58d538e195b149c1e8abd7a
  • SHA512: 1f453f5b05444def264290c72e0ee508abd57f8dfcd86b8a56c7d23e842f82602cc234585eca66500f08caaf281b677aab38be29edd998382a1801086e2532ca
  • SSDEEP: 24576:JfOyexd4m5EuMuBJZa6dyjOkaAGLdNMKxelcTELj5nNUWCMW6:JGHd4m5NVZavjOyGJzxRTc5vT

Malware Config

Extracted

  • Family: gcleaner
  • C2: 45.12.253.56, 45.12.253.72, 45.12.253.98, 45.12.253.75

Targets

    • Target: file.exe

    • GCleaner: GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks