General

  • Target

    441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92

  • Size

    270KB

  • Sample

    240522-tspmgagh9v

  • MD5

    2dd4c7105c13ef07fba4aa155e081840

  • SHA1

    e8d328c9e163490b0d22f781bc6fbaa481b97ad7

  • SHA256

    441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92

  • SHA512

    53998bc7f2b227a63a559db41e2587d3e318667e1c9abeed937a10e0661bdfba1d34e70ca543ef45aa8d7311f56047cf483f61b0ed7221bca5245b578090f833

  • SSDEEP

    3072:Es2Fhz52XsaRmJ+w+JkAu/heWp0gaWOsGI7b8nrvD3UD7hLSe8140QYtJqUAsZ/3:WccymjqBW65YGIsnrAX14tOMF

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

    • Target

      441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92

    • Size

      270KB

    • MD5

      2dd4c7105c13ef07fba4aa155e081840

    • SHA1

      e8d328c9e163490b0d22f781bc6fbaa481b97ad7

    • SHA256

      441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92

    • SHA512

      53998bc7f2b227a63a559db41e2587d3e318667e1c9abeed937a10e0661bdfba1d34e70ca543ef45aa8d7311f56047cf483f61b0ed7221bca5245b578090f833

    • SSDEEP

      3072:Es2Fhz52XsaRmJ+w+JkAu/heWp0gaWOsGI7b8nrvD3UD7hLSe8140QYtJqUAsZ/3:WccymjqBW65YGIsnrAX14tOMF

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install (PPI) malware loader first observed in early 2019; the listed C2 addresses are the hosts this sample contacts to fetch its payload.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check that decides whether the loader continues on this host.
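The indicators above (three C2 IPs, plus the MD5/SHA256 of the sample) are the parts of this report a defender can act on directly. The following Python block is an added example, not part of the original report: it matches those indicators against constructed firewall and EDR file-hash telemetry, and shows a hash check for a retrieved file. The log lines, their field layout and the host names are assumptions made up for illustration; only the IPs and hashes come from the report.

```python
"""Match the IOCs from this GCleaner report against constructed telemetry.

Added example, not part of the original sandbox report. The log and EDR
lines below are constructed for illustration; the IPs and hashes are the
ones listed in the report.
"""
import hashlib
import ipaddress

# Indicators taken from the report above.
C2_IPS = {"185.172.128.90", "5.42.64.56", "185.172.128.69"}
SAMPLE_SHA256 = "441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92"
SAMPLE_MD5 = "2dd4c7105c13ef07fba4aa155e081840"

# Constructed firewall lines (assumed layout: timestamp src dst dport action).
# The 185.172.128.6 line is a deliberate near-miss that must NOT match .69.
FIREWALL_LOG = """\
2024-05-22T12:01:03Z 10.0.0.15 185.172.128.90 80 ALLOW
2024-05-22T12:01:09Z 10.0.0.15 93.184.216.34 443 ALLOW
2024-05-22T12:02:11Z 10.0.0.22 5.42.64.56 80 ALLOW
2024-05-22T12:03:40Z 10.0.0.15 185.172.128.6 80 ALLOW
"""

# Constructed EDR file-hash telemetry (assumed layout: host,path,md5,sha256).
EDR_HASHES = """\
WS01,C:\\Users\\a\\Downloads\\setup.exe,2dd4c7105c13ef07fba4aa155e081840,441e5e59d01f656d8cb69cf40ee60938e91f422c03b2556de953f811a839df92
WS02,C:\\Windows\\notepad.exe,00000000000000000000000000000000,0000000000000000000000000000000000000000000000000000000000000000
"""


def match_c2(log_text):
    """Return (timestamp, src, dst) for each connection to a listed C2 IP.

    Destination is parsed and compared as an ip_address object rather than
    by substring, so prefix look-alikes (185.172.128.6 vs .69) do not match.
    """
    c2 = {ipaddress.ip_address(ip) for ip in C2_IPS}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, src, dst = parts[0], parts[1], parts[2]
        try:
            if ipaddress.ip_address(dst) in c2:
                hits.append((ts, src, dst))
        except ValueError:
            continue  # malformed destination field, skip the line
    return hits


def match_hashes(csv_text):
    """Return (host, path) for every file whose MD5 or SHA256 is the sample's."""
    hits = []
    for line in csv_text.splitlines():
        fields = line.split(",")
        if len(fields) != 4:
            continue
        host, path, md5, sha256 = fields
        if sha256.lower() == SAMPLE_SHA256 or md5.lower() == SAMPLE_MD5:
            hits.append((host, path))
    return hits


def verify_file_hash(data, expected_sha256):
    """Confirm a retrieved file is the reported sample before handling it."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()


if __name__ == "__main__":
    for hit in match_c2(FIREWALL_LOG):
        print("C2 contact:", hit)
    for hit in match_hashes(EDR_HASHES):
        print("sample on disk:", hit)
```

The hash check is there because the report gives four digests of the same file; SHA256 is the one to pin on, since MD5 and SHA1 collisions are practical and a PPI loader is repacked often enough that only the exact build in this report will match anyway.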

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1 signature

  • System Information Discovery (T1082): 2 signatures
