General

  • Target

    3a810c8e25c4e2bee013eff6ff95fc378456abb435299da1faffe6ac12d0934a.zip

  • Size

    152KB

  • Sample

    240402-mmw12afb7x

  • MD5

    0a7b503a7e1449fd48f3eeaa8ae4936f

  • SHA1

    5d123966d347695abd88c329254c6659dc8ddc72

  • SHA256

    cfa0687d5d15a0fd1ac6b7ec081c42e89589da22009e81a4632f6fb3fe9b1d86

  • SHA512

    ae6bfdafd81d311847f20acfd31c6aa127083417721bfba2ce8626aa763171351338183c095d5538573566f1db2077721038e2891129058fb26de36cc6587371

  • SSDEEP

    3072:oLtWs+dtq7aU90zdh2NzGDKoWPY19bb5TSORwIZoa8Lks2ti:oLtWXd0aUKS9GDKoKY19btZoaQeE

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

    • Target

      3a810c8e25c4e2bee013eff6ff95fc378456abb435299da1faffe6ac12d0934a.exe

    • Size

      222KB

    • MD5

      6410d5a54714bbee2d34c32082e6ecd2

    • SHA1

      e98ee40e25c1a52adaea2147bab0051bd510177a

    • SHA256

      3a810c8e25c4e2bee013eff6ff95fc378456abb435299da1faffe6ac12d0934a

    • SHA512

      2a139bf11167569722060fdf0cfe38628fafb09d4353f9801025bfcd454366588c9d9b11712a32d17938fb5dff73196704aa42a43257d0dc3ed903881e814c77

    • SSDEEP

      3072:venboFIBgJ+EWroYEzDIwyBql9zZvMA7+LDNzE7MTKwxlFrgC4:WceEWkTIGl9OA7+tzEIllFr

    Score
    10/10

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks