General

  • Target

    2f956197a4d1936813be2945bd9bd2bad0c30613d5929a0826bc95e106d2714d.zip

  • Size

    185KB

  • Sample

    240402-mmw12aff82

  • MD5

    7822e156ee8ead884d13f75c9f1f3db9

  • SHA1

    18bbb3af7f2c819ad9d83bffe54ede2489050963

  • SHA256

    7b2807f3c3b294d6703f62995ab3bd2c456f57a5cbd66f9610317ecefc91864e

  • SHA512

    47cb8d63e214244adadfe24266645c50d34adad82edca5db9a707aacb9341c1f8680c73e70ea63319eceb0a48a1b70551c70a05acc3550cf66bea81c8233d464

  • SSDEEP

    3072:PdjmXuFWsNF3ui3v+X54cau23Qdx1GnPQCcxUBVrPxEmX0qHEUa2nnp+M8Dc86:1Mqj3Xv+J4purdenPQCUUrrpF02a8ntp

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

    • Target

      2f956197a4d1936813be2945bd9bd2bad0c30613d5929a0826bc95e106d2714d.exe

    • Size

      288KB

    • MD5

      f35f036ccbdb0e59f785b45a941d7169

    • SHA1

      515dc6c7294edb23469703880211690cf53dd9d7

    • SHA256

      2f956197a4d1936813be2945bd9bd2bad0c30613d5929a0826bc95e106d2714d

    • SHA512

      0f288e2439beaebc347d819a776d219711c5a2c0a4836eeddd0df2814ba1c0c7367024f877dcb5fb16fa500fdedf544923c860f3e6b3ec7beeb3acb068142cae

    • SSDEEP

      6144:wlm6nwqV2j9RQmmHczxOmWDoRzy7A6mEIccTnAfJk:L6nwU2JRZLzx5WDoRz6VmEIczu

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself
