General

  • Target: d0d93869aac6091af6c953475915831f4b300377931bb4dac2adcdceeb5616b2.zip
  • Size: 180KB
  • Sample: 240402-mm42msff93
  • MD5: 1a0b490a10452f2e5a7212699ec9869a
  • SHA1: 2812bb2081bf489a44b4ff4da3fa2254f885824d
  • SHA256: 927a3d3af33158322cdaa42c4195fd1a23ce6ab9e93f36ed55631b4b5b02c146
  • SHA512: a7cca7bfe782d6d892305258f5828da665d40d39c5b3e080e9b790d38aa71e7957ff4c82b146c8ddf253f8849e004498ce0d97dd6b7f3d0019fb76ab88b7b332
  • SSDEEP: 3072:wZAWKMeEMySND3tfkfqO/3Xqc5K+ru//6CqaaGnsRKcGqQIE9phUeDC2EVRQHoQ+:wFSNDdfm3Xq0FCAgs3GYETDC74rS9Z

Score: 10/10

Malware Config

Extracted

  • Family: gcleaner
  • C2: 185.172.128.90, 5.42.65.115

Targets

    • Target: d0d93869aac6091af6c953475915831f4b300377931bb4dac2adcdceeb5616b2.exe
    • Size: 312KB
    • MD5: c4ec38ae5ddce37cb56b4c6d88bee7c3
    • SHA1: ad97d501d7d2dc64f23ba989139fac33f4dbdec4
    • SHA256: d0d93869aac6091af6c953475915831f4b300377931bb4dac2adcdceeb5616b2
    • SHA512: 85f3723f2a3991d96d3cecf480d46f94f58959d55fa54e98dd5ad9ce64cbd6288fd1a77b65b7e636e64d2c6b97203eccd454247463f5e818022320db5a3bc8e9
    • SSDEEP: 3072:0u/Yc8E9PlkOF+XldS/yBjQuhLSLf7tU7zCHCOkSPK412YdBZxo9XOddA:zFKkwvSj7EuihSPKo3LXo9Xk

    Score: 10/10

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks