General

  • Target

    c095c87e67b0964a91603f3af00dcd97.exe

  • Size

    285KB

  • Sample

    240402-ydhylabe2x

  • MD5

    c095c87e67b0964a91603f3af00dcd97

  • SHA1

    d99699c361864fe49ce29c50f9421ef4813c74a0

  • SHA256

    f0a6f13b482273d029a6a8613664c33a8f6381dcf98d2cdc7954bbf161c93f49

  • SHA512

    e03efb6b5e60f523a96559346362874e32e4fd8e538c752cc571fe0df8aca171c0560c459e473abaa4d36bf3c296747831fdece96baa149a1ef7013d00d09049

  • SSDEEP

    6144:D8qrKd3vhpFsfpmG/1DjHyYmT2t+34XVe:Br03vhbc1DGC+oV

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks