a6a0cf55d8736aa6210c1d2c8616c748323c7bd53a9c5dd7cdd228403ee988e7

Sharing

Copy URL

Twitter E-mail

General

Target

CCleaner.v4.04.4197.exe
Size

3.0MB
Sample

240327-pesdzseh8t
MD5

641290aa3e40d617e7e7967b84c167f5
SHA1

6364021d3b3efaac7112cb33f1baae05a9f498a7
SHA256

a6a0cf55d8736aa6210c1d2c8616c748323c7bd53a9c5dd7cdd228403ee988e7
SHA512

01c303291b337c57c253313899ec06a92be1c0e9536c944f599a0d9867dd44466db667cb13192382eee802636deba068b5faa08dbef980f295bb6bedc465e196
SSDEEP

49152:BWK488vAzCjUg+ioa/B78g+pYLIvSM9s3SyzbGsP+JOll4CjFCgHZSzZk7YP/Y7/:LnzCjU7i/ugMcIqws3Pblm4llbFCNZkX

Score

7^/10

Malware Config

Targets

- Target
  
  CCleaner.v4.04.4197.exe
- Size
  
  3.0MB
- MD5
  
  641290aa3e40d617e7e7967b84c167f5
- SHA1
  
  6364021d3b3efaac7112cb33f1baae05a9f498a7
- SHA256
  
  a6a0cf55d8736aa6210c1d2c8616c748323c7bd53a9c5dd7cdd228403ee988e7
- SHA512
  
  01c303291b337c57c253313899ec06a92be1c0e9536c944f599a0d9867dd44466db667cb13192382eee802636deba068b5faa08dbef980f295bb6bedc465e196
- SSDEEP
  
  49152:BWK488vAzCjUg+ioa/B78g+pYLIvSM9s3SyzbGsP+JOll4CjFCgHZSzZk7YP/Y7/:LnzCjU7i/ugMcIqws3Pblm4llbFCNZkX
Score

7^/10

upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $EXEDIR/CCleaner Business/CCEnhancer.exe
- Size
  
  268KB
- MD5
  
  f4e930477bd9efaf96a3d2ffb40471ef
- SHA1
  
  2d9ca79124a3aaaa86f6b155265cdaff79387d5d
- SHA256
  
  dbdb45ba4dc1de2253c4ebc094923af8d665c0d86c4a516edcb966fd316f456c
- SHA512
  
  b78073785f62ea174d3bad465de8b6617a6dfbc1afc3a32a3d77b8aacd34d6da30a782e8e469a957537d2e15fa6b4e237da0247cff8d4d72546d3c7b8bdff609
- SSDEEP
  
  3072:3B8CIuAdNj4M+E9Jmfzxt+4kk5/6Lhqd9LKHUDKwALnp8CIuAdNj4M+E9Jdn:C4WNj4AafPcFJ/a4WNj4Axn
Score

1^/10
behavioral3 behavioral4
- Target
  
  $EXEDIR/CCleaner Business/CCleaner.exe
- Size
  
  3.5MB
- MD5
  
  e62ed5a7a2f21c5f377f924a33e12792
- SHA1
  
  6c3a1155aaee92c07a7f27dd64441c491ce733c2
- SHA256
  
  0199f5db10554a6138d7caf3d9d8a4b6ebfb49746b9523616406a4ed471ff39f
- SHA512
  
  38332209c797ecde26fa9cf9617b6a2daa2735f1ac08a1ae07384f487fb03c0bea4be1ef4159a7157456ec32e61ba386b23736cd4223e8840bbb555f70f190f0
- SSDEEP
  
  49152:HCvqo9q6j2zeKp4xJJVD68j+AfnL5d6z9CY7Jx34mo1xohq/n5tjS+7:HCFjW4jD68j++deskTJoToG7
Score

6^/10
- Checks for any installed AV software in registry
behavioral5 behavioral6
- Target
  
  $EXEDIR/CCleaner Business/CCleaner64.exe
- Size
  
  6.0MB
- MD5
  
  debad230966fdfbf8f8bd62d99a17865
- SHA1
  
  ab648a9b7254958d2a957959f3bb0378cd7f26ba
- SHA256
  
  5bf887d4e78afba3cbeb7e7815d52793f78cdb1df396eb8ac972539ced98c6a4
- SHA512
  
  bbe3cfbd6209d4c3d646d838eb8d46da5531e453eb64a594902a7ea822347550982276e302e087ffaed2f2e6209c7813b2eab5135e21f7108a2c993d0a83f2c0
- SSDEEP
  
  98304:4GYV/Ly+S19+NvTNIj/6QwG3RcUmfX/ZdQEuMTz29fA4rb:IQ+S19+NvTNIj/6QwG3RcUmfX/ZdQEuf
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
behavioral7 behavioral8
- Target
  
  $EXEDIR/CCleaner Business/branding.dll
- Size
  
  21KB
- MD5
  
  094814826aec215b5786800ab4b98c03
- SHA1
  
  f0b714ba04fe89c536939c68fec40b0fbfdf5566
- SHA256
  
  f753ef04524a1d7d802efd110e1cf0f502a80d8cf362260b2e4a08e1ca8d254d
- SHA512
  
  3bf5bedc2248060b1e3e0a412b77cf7b6690ac53d3a2a3d4d4f5608d2004da67be5f9329bff13d43cb78f3fbc70d627425fe649317413e8036f386a72ec14be5
- SSDEEP
  
  192:mHBB0yowJL/zr8GYe+vgQr9ZCspE+TMIrms:M30YJLcG5heM1
Score

1^/10
behavioral10 behavioral9
- Target
  
  $EXEDIR/CCleaner Business/lang-1049.dll
- Size
  
  35KB
- MD5
  
  e831e2b71587992412b4e414856b4853
- SHA1
  
  2b392e2c00255d6815e34914491dc830f2476fcc
- SHA256
  
  533a88ec27df3c4a45f8ca21ba00c130b6b7144168e18023887651d937e60984
- SHA512
  
  bcae4ddd3e4b25694f37553df416ccd93b0b7e805df21f02ac0cfb79a6595a54da8d40731aceac859858f30af4aac3c273289f5b1540138033bfab2e3c31facd
- SSDEEP
  
  768:obtkPBIKGGyk3ALbsPOyVyXmiI4MdR4NRW:oB
Score

1^/10
behavioral11 behavioral12
- Target
  
  $EXEDIR/CCleaner Business/lang-1058.dll
- Size
  
  37KB
- MD5
  
  7181db99a53ac2a4313434d17c042e3e
- SHA1
  
  fce9dcbab7d627e29a41c64304c05f64a1a72795
- SHA256
  
  73b89fd870c1ef68d7fef01d292a4a25a887feec035c880cfefb1651c8792afc
- SHA512
  
  e9cd871ae22ab0e286eb82080b3389ec77f13c804991e706d987324fad7b15cb9414ac730fef22c86264842202960bd1daddce1998f5e420bbeadc83549a8fcd
- SSDEEP
  
  384:enHGGQC/Ey5jKSteYPKleZxgvqzdy5MVCJrG/Vlg:eH/QC/V82eYylbyzdbVCJrKl
Score

1^/10
behavioral13 behavioral14
- Target
  
  $EXEDIR/CCleaner Free/CCEnhancer.exe
- Size
  
  268KB
- MD5
  
  f4e930477bd9efaf96a3d2ffb40471ef
- SHA1
  
  2d9ca79124a3aaaa86f6b155265cdaff79387d5d
- SHA256
  
  dbdb45ba4dc1de2253c4ebc094923af8d665c0d86c4a516edcb966fd316f456c
- SHA512
  
  b78073785f62ea174d3bad465de8b6617a6dfbc1afc3a32a3d77b8aacd34d6da30a782e8e469a957537d2e15fa6b4e237da0247cff8d4d72546d3c7b8bdff609
- SSDEEP
  
  3072:3B8CIuAdNj4M+E9Jmfzxt+4kk5/6Lhqd9LKHUDKwALnp8CIuAdNj4M+E9Jdn:C4WNj4AafPcFJ/a4WNj4Axn
Score

1^/10
behavioral15 behavioral16
- Target
  
  $EXEDIR/CCleaner Free/CCleaner.exe
- Size
  
  3.5MB
- MD5
  
  e62ed5a7a2f21c5f377f924a33e12792
- SHA1
  
  6c3a1155aaee92c07a7f27dd64441c491ce733c2
- SHA256
  
  0199f5db10554a6138d7caf3d9d8a4b6ebfb49746b9523616406a4ed471ff39f
- SHA512
  
  38332209c797ecde26fa9cf9617b6a2daa2735f1ac08a1ae07384f487fb03c0bea4be1ef4159a7157456ec32e61ba386b23736cd4223e8840bbb555f70f190f0
- SSDEEP
  
  49152:HCvqo9q6j2zeKp4xJJVD68j+AfnL5d6z9CY7Jx34mo1xohq/n5tjS+7:HCFjW4jD68j++deskTJoToG7
Score

6^/10
- Checks for any installed AV software in registry
behavioral17 behavioral18
- Target
  
  $EXEDIR/CCleaner Free/CCleaner64.exe
- Size
  
  6.0MB
- MD5
  
  debad230966fdfbf8f8bd62d99a17865
- SHA1
  
  ab648a9b7254958d2a957959f3bb0378cd7f26ba
- SHA256
  
  5bf887d4e78afba3cbeb7e7815d52793f78cdb1df396eb8ac972539ced98c6a4
- SHA512
  
  bbe3cfbd6209d4c3d646d838eb8d46da5531e453eb64a594902a7ea822347550982276e302e087ffaed2f2e6209c7813b2eab5135e21f7108a2c993d0a83f2c0
- SSDEEP
  
  98304:4GYV/Ly+S19+NvTNIj/6QwG3RcUmfX/ZdQEuMTz29fA4rb:IQ+S19+NvTNIj/6QwG3RcUmfX/ZdQEuf
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
behavioral19 behavioral20
- Target
  
  $EXEDIR/CCleaner Free/lang-1049.dll
- Size
  
  35KB
- MD5
  
  e831e2b71587992412b4e414856b4853
- SHA1
  
  2b392e2c00255d6815e34914491dc830f2476fcc
- SHA256
  
  533a88ec27df3c4a45f8ca21ba00c130b6b7144168e18023887651d937e60984
- SHA512
  
  bcae4ddd3e4b25694f37553df416ccd93b0b7e805df21f02ac0cfb79a6595a54da8d40731aceac859858f30af4aac3c273289f5b1540138033bfab2e3c31facd
- SSDEEP
  
  768:obtkPBIKGGyk3ALbsPOyVyXmiI4MdR4NRW:oB
Score

1^/10
behavioral21 behavioral22
- Target
  
  $EXEDIR/CCleaner Free/lang-1058.dll
- Size
  
  37KB
- MD5
  
  7181db99a53ac2a4313434d17c042e3e
- SHA1
  
  fce9dcbab7d627e29a41c64304c05f64a1a72795
- SHA256
  
  73b89fd870c1ef68d7fef01d292a4a25a887feec035c880cfefb1651c8792afc
- SHA512
  
  e9cd871ae22ab0e286eb82080b3389ec77f13c804991e706d987324fad7b15cb9414ac730fef22c86264842202960bd1daddce1998f5e420bbeadc83549a8fcd
- SSDEEP
  
  384:enHGGQC/Ey5jKSteYPKleZxgvqzdy5MVCJrG/Vlg:eH/QC/V82eYylbyzdbVCJrKl
Score

1^/10
behavioral23 behavioral24
- Target
  
  $EXEDIR/CCleaner Professional/CCEnhancer.exe
- Size
  
  268KB
- MD5
  
  f4e930477bd9efaf96a3d2ffb40471ef
- SHA1
  
  2d9ca79124a3aaaa86f6b155265cdaff79387d5d
- SHA256
  
  dbdb45ba4dc1de2253c4ebc094923af8d665c0d86c4a516edcb966fd316f456c
- SHA512
  
  b78073785f62ea174d3bad465de8b6617a6dfbc1afc3a32a3d77b8aacd34d6da30a782e8e469a957537d2e15fa6b4e237da0247cff8d4d72546d3c7b8bdff609
- SSDEEP
  
  3072:3B8CIuAdNj4M+E9Jmfzxt+4kk5/6Lhqd9LKHUDKwALnp8CIuAdNj4M+E9Jdn:C4WNj4AafPcFJ/a4WNj4Axn
Score

1^/10
behavioral25 behavioral26
- Target
  
  $EXEDIR/CCleaner Professional/CCleaner.exe
- Size
  
  3.5MB
- MD5
  
  e62ed5a7a2f21c5f377f924a33e12792
- SHA1
  
  6c3a1155aaee92c07a7f27dd64441c491ce733c2
- SHA256
  
  0199f5db10554a6138d7caf3d9d8a4b6ebfb49746b9523616406a4ed471ff39f
- SHA512
  
  38332209c797ecde26fa9cf9617b6a2daa2735f1ac08a1ae07384f487fb03c0bea4be1ef4159a7157456ec32e61ba386b23736cd4223e8840bbb555f70f190f0
- SSDEEP
  
  49152:HCvqo9q6j2zeKp4xJJVD68j+AfnL5d6z9CY7Jx34mo1xohq/n5tjS+7:HCFjW4jD68j++deskTJoToG7
Score

6^/10
- Checks for any installed AV software in registry
behavioral27 behavioral28
- Target
  
  $EXEDIR/CCleaner Professional/CCleaner64.exe
- Size
  
  6.0MB
- MD5
  
  debad230966fdfbf8f8bd62d99a17865
- SHA1
  
  ab648a9b7254958d2a957959f3bb0378cd7f26ba
- SHA256
  
  5bf887d4e78afba3cbeb7e7815d52793f78cdb1df396eb8ac972539ced98c6a4
- SHA512
  
  bbe3cfbd6209d4c3d646d838eb8d46da5531e453eb64a594902a7ea822347550982276e302e087ffaed2f2e6209c7813b2eab5135e21f7108a2c993d0a83f2c0
- SSDEEP
  
  98304:4GYV/Ly+S19+NvTNIj/6QwG3RcUmfX/ZdQEuMTz29fA4rb:IQ+S19+NvTNIj/6QwG3RcUmfX/ZdQEuf
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
behavioral29 behavioral30
- Target
  
  $EXEDIR/CCleaner Professional/branding.dll
- Size
  
  19KB
- MD5
  
  82589fadc12f673c18cbca1179361595
- SHA1
  
  186a5472df726f390be36b6c653a11f7ca7409af
- SHA256
  
  ccc095ce00f0bf54aba5ecb1b9dbccb439222f289582a05d57410cef996e1056
- SHA512
  
  0c49803f1980ed7ea0afd3f1dbd44c260282b7277ebd55468eef9891c76d204dbd4868cfd01a36fa6d95a8d7db8646a9374476593efc14e61ee526b2b467a5d2
- SSDEEP
  
  192:WCiBqQ7sW5Jh2hquyowJL/zr8GYe+vgQr9ZCspE+TMIrZ:G8Q7sW5vAfYJLcG5heM
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

Loads dropped DLL

UPX packed file

Checks for any installed AV software in registry

Reads user/profile data of web browsers

Checks for any installed AV software in registry

Checks for any installed AV software in registry

Reads user/profile data of web browsers

Checks for any installed AV software in registry

Checks for any installed AV software in registry

Reads user/profile data of web browsers

Checks for any installed AV software in registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32