Overview

overview

10

Static

static

3

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    tmp

  • Size

    323KB

  • Sample

    230718-x5j5aseb5y

  • MD5

    188332f8d229131789a0b760aec2dd91

  • SHA1

    2ca374c876946334a9f71d3b68f669791e1dc2ba

  • SHA256

    c6820216f0f3c79377dc2fbd0e82971910cccda00efa6de17fe0912076efacc3

  • SHA512

    42dcb71bd0e12bca13aced7215e661765211b3f38f7f2c74458270a2fa3cefe805f5341ec6081c7ce6ebb4d6c28ce9ab0f8c2d8d7fbc32734759f11aadd52e8e

  • SSDEEP

    6144:FLFccXjKG6w81kQOqQi+dzbObhnjuZpBKZ6oW/aT:FJLj16wrXhi2u5juZbMaM

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

    • Target

      tmp

    • Size

      323KB

    • MD5

      188332f8d229131789a0b760aec2dd91

    • SHA1

      2ca374c876946334a9f71d3b68f669791e1dc2ba

    • SHA256

      c6820216f0f3c79377dc2fbd0e82971910cccda00efa6de17fe0912076efacc3

    • SHA512

      42dcb71bd0e12bca13aced7215e661765211b3f38f7f2c74458270a2fa3cefe805f5341ec6081c7ce6ebb4d6c28ce9ab0f8c2d8d7fbc32734759f11aadd52e8e

    • SSDEEP

      6144:FLFccXjKG6w81kQOqQi+dzbObhnjuZpBKZ6oW/aT:FJLj16wrXhi2u5juZbMaM

    Score
    10/10
    gcleanerloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks