General

  • Target

    RekSpacer73exe.exe

  • Size

    1.1MB

  • Sample

    230703-yb821abc6w

  • MD5

    9ccd19239b84d79befc755a8de17defc

  • SHA1

    f68b60967def51523f37ab5019aa99592515db04

  • SHA256

    c780abf86f16f5566261d91132d14f32051a755dd3b96d52edcb612a6a403229

  • SHA512

    11ac48825621bce913a534580aa33916f9e5cbe83d3b7425577c7126633beae0065d9a17221edf1cd85b8c8d8a96a4b67f14a8b894b76d850ca5a1cb9203437a

  • SSDEEP

    12288:WkauHfOa9BhEVOcbEVjg4QqHzWTg3R0YoxZOcvFyKCBy5KDicoKv:WkB/prhsOcbsHSTgB0lxYcpCBy5uL

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL
