General

  • Target

    b85e0613ef25472f1001e21c2cc4c80ccb133477751927cd9d885a6e2d5661f1.exe

  • Size

    286KB

  • Sample

    240403-b7s94ace78

  • MD5

    e5b185c02ef1aa5361ba6fb910758288

  • SHA1

    11b1c3187fbafbad7854c13db5eb476d31e58f31

  • SHA256

    b85e0613ef25472f1001e21c2cc4c80ccb133477751927cd9d885a6e2d5661f1

  • SHA512

    a51e7e40e2bb24a611fd95b6f5a9aad49fcacb46e0a2a14d3cfcbc1a0b65cd6c170687c34b13290f643097a67a3cd1d2bda34c5d1c53e6c33324dcca1b9d39c3

  • SSDEEP

    3072:Ci7IQBzxfISVl5RVEi6M+nbkaWIn0l7Ijw8RgHT7QQvecbOuXtTAb+IrChgrqm0s:Cizhxf/msEkzl0jQT3veunAb+yfjATw

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.115

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself
