General

  • Target

    99d42ee02b2d43170796ccb36e5f05318a713fbbb2b48067024a555a58a57dc9.zip

  • Size

    180KB

  • Sample

    240402-mm4qwafb8v

  • MD5

    7a72d71fd22ce60df6f2f3ebd7295dba

  • SHA1

    a0595204b86881ce27a7940de4637ad479f1a7e1

  • SHA256

    5ffc8c1b2c115f010ce6d58b14e872742dca04dc3a130f494b205fa9e13d17f6

  • SHA512

    1c1cd1d81b5505b7d96604463c6366f824a8fce37e55cbeadf2544214f989c7849ad6724bfb350d05756ceef42a6550fe7f830e896a759c4767f45637802c908

  • SSDEEP

    3072:GVjlfMniK/ChRzZ8VjV7yZnFxYa/IxcYIbQIUqePscIsQ1H:GVjlfMniVzZEV8nFDjq73Q1H

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

    • Target

      99d42ee02b2d43170796ccb36e5f05318a713fbbb2b48067024a555a58a57dc9.exe

    • Size

      311KB

    • MD5

      072808f550a495b45920fa2f0f239d3e

    • SHA1

      72c07f574b55f5da5d8bea8d1c87e024e5925f15

    • SHA256

      99d42ee02b2d43170796ccb36e5f05318a713fbbb2b48067024a555a58a57dc9

    • SHA512

      1cbb966a3216c8968fbd58ebecdd2d55dec2567cd8d89857acd618c0d6c128c61d5edb93e7518766ea3166c8e47ecb6920360c06d37e0d1de825dd2fb16445f7

    • SSDEEP

      3072:WOhBfC8R+bIlGXY+XKdK1QUdLUUDO3bvd+A+kYiTmxtViZmmJVjkKbzGbIXyrN9H:L8pdoxiskxe4KW+qN9Xi

    Score
    10/10

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely used for geofencing.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks