General

  • Target

    aa28923b864f555f4205239373060101ab1db7b72d9a301852bee00451c7ebda.zip

  • Size

    173KB

  • Sample

    240402-mm42msfb8w

  • MD5

    9468d741182e5d151b1d5f7abaf53811

  • SHA1

    21febd4322d8a37dd8ee1efce6762820ad9a5dcc

  • SHA256

    7af7099ea7ef6b50611d1caacecae6a58e0d507a2a106a39d33b2e236b29ab01

  • SHA512

    7e5d04f616a0d359d4df2dc49adcce936ce0955831e1ce3f2d01c1e5e3fce9c764a1236a0a545be5741b2cdc8869b253cfb1026bc39e17dc4469198344b2d287

  • SSDEEP

    3072:gulOlm03Wktg83dVQYM9GvIeaVpenllMQbL0U4NTsipALQvFSym3ZOskHk:XGmq9ZRMOGPdIYUCoiuryUgskE

Score: 10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

    • Target

      aa28923b864f555f4205239373060101ab1db7b72d9a301852bee00451c7ebda.exe

    • Size

      263KB

    • MD5

      14ad3dad94f1918960c75a5da4c58a83

    • SHA1

      a072231bd9202dd3b34c0f3c5402fec5ca373a27

    • SHA256

      aa28923b864f555f4205239373060101ab1db7b72d9a301852bee00451c7ebda

    • SHA512

      9ca297a6d3568e5dfa0f153d1d47203e0bd9cf346b5eec0dd0d2cafe0d8c620212feac8bd46fb672d02879cddab6d56839092b36ee3ac8dc3b20e7c1f9d32ceb

    • SSDEEP

      3072:HJeIexKZfZOgiAOEVmPcbq15/fOhfTw+N08hetrR8Umdu0SPr91u368:Hg+ZfZt5OEE59L8h1Nwxbu3P

    Score: 10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing (restricting execution to or from certain regions).

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks