General

  • Target

    2b73cf1162139d6cebbe64dece8976de44ab908cbb7185596ad9c6dd9903061a.zip

  • Size

    152KB

  • Sample

    240402-mmwp9sfb7v

  • MD5

    6de0dc853e64deda0bd832ea6b7489d2

  • SHA1

    419f16bd417d3f6838ca1789ef490c6455bdc60f

  • SHA256

    b2adb678e43b6ed9ceee72c1ffef4cb61a4932ce1786bdd184bbcd3ecfb5c9c8

  • SHA512

    3a31e067a1259a1e7535257a09b9ee22c0e4a1e9a09ec66597abc72b1e6348265b1f3d3a5c219d304db318bc2177a3e7ea7d2cebffe8b992641821e8ab1a7dbe

  • SSDEEP

    3072:ffHbClvCAGn2otc6C+ZfCnvo1nEOR/QLw+kcYkShFS7Jbz8enl24R02ck2rkXr:HQGntQncEA/Qc+HYVYtH8elJW/r0r

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

    • Target

      2b73cf1162139d6cebbe64dece8976de44ab908cbb7185596ad9c6dd9903061a.exe

    • Size

      222KB

    • MD5

      679f8f09e36c8e01467d665b3cc125c2

    • SHA1

      936b70906d011f4888e249a52f0544e8836f9a70

    • SHA256

      2b73cf1162139d6cebbe64dece8976de44ab908cbb7185596ad9c6dd9903061a

    • SHA512

      07167e29fb3fdcfc7f4a131e40564f83de620ae403b89ef987139fd90f0b08e4094d7691f1beb0c1369797d86052d67403f266ea4463b7932a20c20a7114d7c2

    • SSDEEP

      3072:1i3bLVyBgwKUEf+5AR/rH9pPay1Dfuw5j6A3hxq9PsDPxt2tpRa:g/pUEW5y5pl1Th5di9PE5t2

    Score
    10/10

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks