General

  • Target

    14a55165b2827df8f2f7aff0e5c61595_JaffaCakes118

  • Size

    322KB

  • Sample

    240504-1tmylacd71

  • MD5

    14a55165b2827df8f2f7aff0e5c61595

  • SHA1

    a34d85a11d914085f1c38810c0989324532bd20a

  • SHA256

    26c2c963900eeb20023114fe2e1a0b246235b974c08c74ae4cc96dd041a70a27

  • SHA512

    f07b0191a48d7da7963ff054176c57ad6cac0a7f5777fa0bd1d27bb6d5075136bd00b2dfb13f6dd4b5653afc7ed8b4dabc5e54a0d53535dbe25ce5629ebe4e70

  • SSDEEP

    6144:+oSW5ce9Hb6gXgOyE/yc/nTPCjlRt7fkXCn:+o8e9HRjykz/CjyC

Score
10/10

Malware Config

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks