General

  • Target

    4b6032c2677c1c6757eb39e3899812dfe63426af9b094094786c9a0ee4aa31d6.zip

  • Size

    169KB

  • Sample

    240402-mm4e4sff87

  • MD5

    90b7c9faa1d2d38e366479be6fe3585b

  • SHA1

    9634c34ac800a1798b7442a4929e0c15442371d7

  • SHA256

    902484a82746ee70a263915cd84d870930337bd1263ff3e64fa61a61b22083e5

  • SHA512

    a332715620dfe8073eb10677d8831a80c7f83d417ef217db4f784ba82279229ba6baf24c9621db2f144216f117c5094ef090769ec9436641367dd3b16914edfc

  • SSDEEP

    3072:/QGjZb4+9UDwgOxyCwUNFFE+ABkecEAnYRDDcTqtFIeh5x:IGu+dxyCLFlA9c1nYRDwTq5x

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

    • Target

      4b6032c2677c1c6757eb39e3899812dfe63426af9b094094786c9a0ee4aa31d6.exe

    • Size

      284KB

    • MD5

      f42d86b084ab4f227d53dfad7320c393

    • SHA1

      0e1b2040faeff6dea4146b13d1f0a83fe517bde5

    • SHA256

      4b6032c2677c1c6757eb39e3899812dfe63426af9b094094786c9a0ee4aa31d6

    • SHA512

      c98404f8963fe91ab2e817820bd423bbbe35c0d61ea0eba29477a42566046c309ce9910797f5764dee789af47ee8f1f4bba009e49bc9f348a0fe1c86a8455c38

    • SSDEEP

      3072:qvnUB2XKOHJWbFqZ6R+aKkarpzKuUfqpRbMRZNYec9fJjSA84XV1aLd1k8JC03Zk:qvUAXKSsAmckGDpRExo5SA84Xrl8JCU

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks