General

  • Target: file
  • Size: 1.1MB
  • Sample: 230702-vgq7laca92
  • MD5: 8c9dc6785cb72f5fdfe4cade60a9f9c4
  • SHA1: 079772fa7021f1fdf08bd59dc1936036e8408c98
  • SHA256: 0e538582376de2930268f9c4d20d75924e446f14c4ff30ab486ef87c38316be4
  • SHA512: 60f56e6543fbe015aa3eb01597d2123cd93eb0ca78bd256090bed6ca846e6fdeed26f053f755e3cb4537d72c17e3d8efda55cf29b7800bc13128b603f58c6c77
  • SSDEEP: 24576:JfOyP2uR/IiE5afCbKOtN6jIMMIs2YsekT90bOunNUWCMW6:JGp065aKuOj6jIPIseevbOuvT

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks