General

  • Target

    625f6d25ec7575ecdeba86082b63f829d149349fe460bfe39fa3c02b288a057d

  • Size

    271KB

  • Sample

    240523-as7y9seg5v

  • MD5

    29a578e9ca5f23457a46957565033ed1

  • SHA1

    045244ff6ab7488196eefbb98e80d7e3d08bcfab

  • SHA256

    625f6d25ec7575ecdeba86082b63f829d149349fe460bfe39fa3c02b288a057d

  • SHA512

    8e4c1770383af78e41b44a1ae6e0821b74c27697d52115a7da07b110da48ea7d7689fdec3ca44fcfd236942d6b38e0873efab4f27bba717264ae99d0de666bb3

  • SSDEEP

    3072:qszvEp6yhByoQ2g2Z6+ls2w4NVRQEQBB/p5VPcLJT/am0Az13luQrhRT8UeaFXOu:V3QYo89GgjxTUVr0Az11uARTFeaFhP7

Score
10/10

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    185.172.128.90
    5.42.64.56
    185.172.128.69

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Matrix ATT&CK v13

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2
