gcleaner | 020d370b51711b0814901d7cc32d8251affcc3506b9b4c15db659f3dbb6a2e6b | Triage

Sharing

General

Target

020d370b51711b0814901d7cc32d8251affcc3506b9b4c15db659f3dbb6a2e6b.bin
Size

324KB
Sample

230711-rx3c1saf31
MD5

6afa886e95cdd9d78047f17fd0ab6b45
SHA1

247324c3c7672965f57446f18b5b77a5567e19ab
SHA256

020d370b51711b0814901d7cc32d8251affcc3506b9b4c15db659f3dbb6a2e6b
SHA512

cb1b3f7021881d6fd4f85a8b9a223903554f40e0908fed55a8b9c725dfddc319fc382d5219f403b537464559d4feb74c968bb48c156da813c67c9206b4c19bc5
SSDEEP

6144:msYSsp5yL23j0Tj4M6aW4I7NMk5B8k3qX/SCm63P84AO8X3ESqAguOSfmiChsmG:msYSsp5R3j0Tj4XaW4I7NM0B9a0SyxLp

Score

10^/10

gcleaner

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  020d370b51711b0814901d7cc32d8251affcc3506b9b4c15db659f3dbb6a2e6b.bin
- Size
  
  324KB
- MD5
  
  6afa886e95cdd9d78047f17fd0ab6b45
- SHA1
  
  247324c3c7672965f57446f18b5b77a5567e19ab
- SHA256
  
  020d370b51711b0814901d7cc32d8251affcc3506b9b4c15db659f3dbb6a2e6b
- SHA512
  
  cb1b3f7021881d6fd4f85a8b9a223903554f40e0908fed55a8b9c725dfddc319fc382d5219f403b537464559d4feb74c968bb48c156da813c67c9206b4c19bc5
- SSDEEP
  
  6144:msYSsp5yL23j0Tj4M6aW4I7NMk5B8k3qX/SCm63P84AO8X3ESqAguOSfmiChsmG:msYSsp5R3j0Tj4XaW4I7NM0B9a0SyxLp
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2