Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1b4f4c3780297e1db49b325004870501280478272777b93757678644ba22fa1c

  • Size

    287KB

  • Sample

    240520-lt3ayseb42

  • MD5

    b9a0fb2e5de338677000af13853a7259

  • SHA1

    90d6e6f9e0d2c025ded6552ff6674cf2224adf7e

  • SHA256

    1b4f4c3780297e1db49b325004870501280478272777b93757678644ba22fa1c

  • SHA512

    d1a8a3a8d0aac46e908e2121c1f8e9dbe6799d058d07ebd05bdd3a02fa35089e8e8032a902c08cfb3625dc434f71b558c55fc2d73ee3c999a0dba28955c69471

  • SSDEEP

    6144:r5mY2g1UhO8vSD96v7Y6KF5fEG7KHgtaZ40:VmY24W17FiGq0

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

    • Target

      1b4f4c3780297e1db49b325004870501280478272777b93757678644ba22fa1c

    • Size

      287KB

    • MD5

      b9a0fb2e5de338677000af13853a7259

    • SHA1

      90d6e6f9e0d2c025ded6552ff6674cf2224adf7e

    • SHA256

      1b4f4c3780297e1db49b325004870501280478272777b93757678644ba22fa1c

    • SHA512

      d1a8a3a8d0aac46e908e2121c1f8e9dbe6799d058d07ebd05bdd3a02fa35089e8e8032a902c08cfb3625dc434f71b558c55fc2d73ee3c999a0dba28955c69471

    • SSDEEP

      6144:r5mY2g1UhO8vSD96v7Y6KF5fEG7KHgtaZ40:VmY24W17FiGq0

    Score
    10/10
    gcleanerloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks