General

  • Target: 1f4db635b14e316532f5c29e3c03a52459ce43df9517adf81c7b2057450ab037.zip
  • Size: 169KB
  • Sample: 240402-mmwehafb7t
  • MD5: a13e283e7e5e58be1cbd850e99d51be2
  • SHA1: c700738ac1b8d837b25f79651ab4d8633c12596d
  • SHA256: cfb601fc14a02d0587af3836eee7c40bbac6f3fd367dc79e0663c2b50e53070f
  • SHA512: 20601c943578b9bacefb720e1380071eda9dbea1eb15f1db78c1f31841a97915e22dd61a4f04cdc52d5859816f63f7334347fe2c2e10e1d3079b7b46d9572137
  • SSDEEP: 3072:Rexq1HwnDCGRl1NcfXbA9S5NaIBnAOpeYBtRO8BFXrKuXOYkP3Cp8sVkKBf:R11HwnDFlLIt9BBVTFb8ZvCysVlF

Score: 10/10

Malware Config

Extracted

Family: gcleaner

C2:
  • 185.172.128.90
  • 5.42.65.115

Targets

    • Target: 1f4db635b14e316532f5c29e3c03a52459ce43df9517adf81c7b2057450ab037.exe
    • Size: 284KB
    • MD5: eeeda33b6561043c0e331eadc2fae28c
    • SHA1: 1e41aef8f31573cf174f12d923d451988ac88dd5
    • SHA256: 1f4db635b14e316532f5c29e3c03a52459ce43df9517adf81c7b2057450ab037
    • SHA512: 40ee9f046a905f6ed5e57febbd0d39eae68a14c786dc0a28b25cc782b0517f650d81c3c995663912c5edc2045847c6a580b32a8d47d1f9b19d99a8fd0c321244
    • SSDEEP: 6144:3zWZwVZqDrqxUG8Vqtj0W5akevzLZ83e:DWuHqDuSjVMj02/S/O3e

    Score: 10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks