General

  • Target

    a1f6e1057197ed0131185f28c33e1756b83877c5c0fe5d49b98a19d8c93b9538.zip

  • Size

    173KB

  • Sample

    240402-mm4qwaff92

  • MD5

    ae5cb143ce7e71d43bfa248c96960b2e

  • SHA1

    a90ec5861cfd8fbf23edddfa384106d225ddfe94

  • SHA256

    ccaf37a95e4445560368e3804e9f8bde835ec9bea21f8b06252bbca01159c773

  • SHA512

    f437b8f039de5fe2821b20ee31b5faa2bbf3cdc5a2475dff26240235266fa8f00a7401e11b6e95d829891899d865a343896b3fb8941dd4953e220b55f5006607

  • SSDEEP

    3072:PNfFCILo2hlTCdqUHNZl1SLvGMANOCtUAKiy9JNtG3OCL1C0/f5FxOWs:PVFbR+dPNZlmeMANZwvG+CBJFxk

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

    • Target

      a1f6e1057197ed0131185f28c33e1756b83877c5c0fe5d49b98a19d8c93b9538.exe

    • Size

      308KB

    • MD5

      224598916fe737df40b20093943ac879

    • SHA1

      f37e1adf38fe90e4449bd31d7ead3af3678c9af1

    • SHA256

      a1f6e1057197ed0131185f28c33e1756b83877c5c0fe5d49b98a19d8c93b9538

    • SHA512

      9c1deb8cf9daf670f91179c3e19aae8ddcd7e30826b09ab680325ab627fa296f011e5e5551169464ab042a890d5bcbc339ac1f0f9ecd467404ecd2376886981c

    • SSDEEP

      6144:k6p1tshJDRM+odULu+enE1FFsaQTeyowr0y:k6+hXTodlyGaFyowrV

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

  • Checks computer location settings

      Reads the country code configured in the registry, most likely a geofence check used to decide whether the loader runs on this host at all.

    • Deletes itself
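
The signatures above are the behaviours a detection engineer would want to test for. The Python below is an added example, not Triage output and not GCleaner's code: it runs a few rules over a constructed, simplified sandbox-trace record format, using only the IOCs this report gives (the two C2 addresses and the SHA256 hashes). The registry value names it watches, the trace record shape and the self-deletion heuristic are assumptions. One caveat worth knowing: Sysmon does not log registry reads, so the geofence rule needs a Procmon or sandbox API trace (RegQueryValue events), not Sysmon registry events.

```python
import re

# IOCs copied from the report above; everything else in this block is assumed.
GCLEANER_C2 = {"185.172.128.90", "5.42.65.115"}
SAMPLE_SHA256 = {
    "a1f6e1057197ed0131185f28c33e1756b83877c5c0fe5d49b98a19d8c93b9538",  # dropped .exe
    "ccaf37a95e4445560368e3804e9f8bde835ec9bea21f8b06252bbca01159c773",  # .zip container
}

# Assumed registry values a geofence check would query; the report only says
# "country code configured in the registry". Sysmon does not record registry
# reads, so this rule expects a Procmon or sandbox API trace.
GEO_VALUE_RE = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|LocaleName|sCountry)$", re.I)


def check_event(ev):
    """Return (rule, detail) tuples for one trace event. The event shape is a
    constructed, simplified sandbox/Procmon record, not a real product schema."""
    hits = []
    kind = ev.get("type")
    if kind == "net" and ev.get("dst_ip") in GCLEANER_C2:
        hits.append(("gcleaner_c2", ev["dst_ip"]))
    elif kind == "proc" and ev.get("sha256", "").lower() in SAMPLE_SHA256:
        hits.append(("gcleaner_hash", ev["sha256"].lower()))
    elif kind == "reg" and ev.get("op") == "RegQueryValue" \
            and GEO_VALUE_RE.search(ev.get("path", "")):
        hits.append(("geofence_registry_read", ev["path"]))
    elif kind == "file" and ev.get("op") == "Delete":
        # "Deletes itself": the deleted file is the deleting process's own
        # image, or its parent's (covers a cmd.exe child doing the delete).
        # Heuristic is an assumption, not a behaviour stated in the report.
        target = ev.get("path", "").lower()
        if target and target in {ev.get("image", "").lower(),
                                 ev.get("parent_image", "").lower()}:
            hits.append(("self_delete", ev["path"]))
    return hits


def scan(events):
    """Run every event through check_event; returns [(record_id, rule, detail)]."""
    return [(ev["id"], rule, detail)
            for ev in events for rule, detail in check_event(ev)]


# Constructed trace: what this report's signatures would look like in a trace,
# plus benign noise. Not real sandbox output.
SAMPLE_TRACE = [
    {"id": 1, "type": "proc", "image": r"C:\Users\u\a1f6e105.exe",
     "sha256": "A1F6E1057197ED0131185F28C33E1756B83877C5C0FE5D49B98A19D8C93B9538"},
    {"id": 2, "type": "reg", "op": "RegQueryValue",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"id": 3, "type": "reg", "op": "RegQueryValue",
     "path": r"HKCU\Control Panel\Desktop\Wallpaper"},
    {"id": 4, "type": "net", "dst_ip": "185.172.128.90", "dst_port": 80},
    {"id": 5, "type": "net", "dst_ip": "8.8.8.8", "dst_port": 53},
    {"id": 6, "type": "file", "op": "Delete",
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Users\u\a1f6e105.exe",
     "path": r"C:\Users\u\a1f6e105.exe"},
]

if __name__ == "__main__":
    for rid, rule, detail in scan(SAMPLE_TRACE):
        print(f"record {rid}: {rule} -> {detail}")
```

Hash and C2 matches are exact-value lookups and will age quickly; the registry-read and self-delete rules describe behaviour and survive a rebuild of the sample, which is why a practitioner keeps both kinds.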

MITRE ATT&CK Enterprise v15

Tasks