Overview

overview

10

Static

static

3

7502f3e13f...1f.exe

windows7-x64

10

7502f3e13f...1f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7502f3e13fd9416229f24c7f956bc21f

  • Size

    269KB

  • Sample

    240125-vcq12abhcj

  • MD5

    7502f3e13fd9416229f24c7f956bc21f

  • SHA1

    fdc74c687a8e14624bcfbab3c81441d3364e88c3

  • SHA256

    5b7c58fb0a1cee2111ee220dd1273f467de8ca5dddff3e4a8d992a98557bb20e

  • SHA512

    4184acdae40f5e32533e0666a5f6813a2e8daef141862f6fbd4b63a66dbec7e439fa091a70a1ea5da36c7b1702ac6f728b726b78d9bdf9f9d1602247e932e245

  • SSDEEP

    3072:NyFcpGHBJutqtZri91tkVcWNgvbiQQseHFd+xGLJ+v8rRRUh54F9UmgM:N+XutqDr61tTWmuQCYSrFtb

Score
10/10
gcleanerkinsingonlyloggervidarloaderstealer

Malware Config

Extracted

Family

gcleaner

C2

194.145.227.161

Targets

    • Target

      7502f3e13fd9416229f24c7f956bc21f

    • Size

      269KB

    • MD5

      7502f3e13fd9416229f24c7f956bc21f

    • SHA1

      fdc74c687a8e14624bcfbab3c81441d3364e88c3

    • SHA256

      5b7c58fb0a1cee2111ee220dd1273f467de8ca5dddff3e4a8d992a98557bb20e

    • SHA512

      4184acdae40f5e32533e0666a5f6813a2e8daef141862f6fbd4b63a66dbec7e439fa091a70a1ea5da36c7b1702ac6f728b726b78d9bdf9f9d1602247e932e245

    • SSDEEP

      3072:NyFcpGHBJutqtZri91tkVcWNgvbiQQseHFd+xGLJ+v8rRRUh54F9UmgM:N+XutqDr61tTWmuQCYSrFtb

    Score
    10/10
    gcleaneronlyloggervidarloaderstealerkinsing

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Kinsing

      Kinsing is a loader written in Golang.

      loaderkinsing

    • OnlyLogger

      A tiny loader that uses IPLogger to get its payload.

      loaderonlylogger

    • Vidar

      Vidar is an infostealer based on Arkei stealer.

      stealervidar

    • OnlyLogger payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks