Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b5a43d68d468dab5cb5e51d2f67f924caf1b03d8cdc7217d791649a1fd24f903

  • Size

    255KB

  • Sample

    240520-k793aadf3v

  • MD5

    7a09006c1fff614757e6ecc56ca83002

  • SHA1

    5eb3103dea1bc25a3f223891bad7d737391b8739

  • SHA256

    b5a43d68d468dab5cb5e51d2f67f924caf1b03d8cdc7217d791649a1fd24f903

  • SHA512

    1da4abe4a8c1be3f9d95aaeeb503bc079d2c1c0b3c4cf895e1169cc8e4c9a3cd35858131bef15ffe7e9a54f26cda4c51232742c6baef5adc9bc79728834294f1

  • SSDEEP

    6144:PY385ooT0DwnlgcXLJlHdqRq11tPhr1Z40:A385DoDwnmc7JXqRqLdq0

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.65.64
Attributes
  • url_path

    /advdlc.php

Targets

    • Target

      b5a43d68d468dab5cb5e51d2f67f924caf1b03d8cdc7217d791649a1fd24f903

    • Size

      255KB

    • MD5

      7a09006c1fff614757e6ecc56ca83002

    • SHA1

      5eb3103dea1bc25a3f223891bad7d737391b8739

    • SHA256

      b5a43d68d468dab5cb5e51d2f67f924caf1b03d8cdc7217d791649a1fd24f903

    • SHA512

      1da4abe4a8c1be3f9d95aaeeb503bc079d2c1c0b3c4cf895e1169cc8e4c9a3cd35858131bef15ffe7e9a54f26cda4c51232742c6baef5adc9bc79728834294f1

    • SSDEEP

      6144:PY385ooT0DwnlgcXLJlHdqRq11tPhr1Z40:A385DoDwnmc7JXqRqLdq0

    Score
    10/10
    gcleanerloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks