General

  • Target

    a977eb01f51fb7c09cc433d7854d0cf228c46041a9a4c3de031a90cd43881cf3.exe

  • Size

    346KB

  • Sample

    240509-m1nxksdh4v

  • MD5

    8c7c9042307b9cdd83daa9e8b5bbd450

  • SHA1

    1c7061c2dc32dbf3fa0d31fc81536a523899b8c4

  • SHA256

    a977eb01f51fb7c09cc433d7854d0cf228c46041a9a4c3de031a90cd43881cf3

  • SHA512

    84d077835108b5783efdc19414d19e6c8464f5826f503d9f91aa0c47a23019a9b2684c09e016d2ba0cb75d6beb463651fe2d3376f497dcb18f6a34d3e7a101ed

  • SSDEEP

    6144:9q6RYBumm/SqmNbPm/W4ydhsmeb3ClZwQZLMlyEcNPg33q:HYMmgWX4GsmdlhdMlyEyW3

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64

Attributes
  • url_path

    /advdlc.php

Targets

    • Target

      a977eb01f51fb7c09cc433d7854d0cf228c46041a9a4c3de031a90cd43881cf3.exe

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks