Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b136aa92ce09fd40d8df8e1482b60653f1aa181b82c613bbab68785d6d7de7dd

  • Size

    292KB

  • Sample

    240526-kck5nsdb75

  • MD5

    583d46cf0de48deb8edbebb0f8ca9f2c

  • SHA1

    805772046eb1bdfb6de597d54ae7c1a87d727b8e

  • SHA256

    b136aa92ce09fd40d8df8e1482b60653f1aa181b82c613bbab68785d6d7de7dd

  • SHA512

    c2432c73196030af0332c09c688e23da9664dbcf788f17a2defd08bd731591ce2adfb1f1c652b87a003be77ee951851ecd9a8d660b8c1adc905eb4f999089e05

  • SSDEEP

    6144:zKUFfHXsi/uG6/yAAkZVNsGhtLew2DD6JYiNYzcT:zKOPcip6/yAJVO0r2DDUH

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

    • Target

      b136aa92ce09fd40d8df8e1482b60653f1aa181b82c613bbab68785d6d7de7dd

    • Size

      292KB

    • MD5

      583d46cf0de48deb8edbebb0f8ca9f2c

    • SHA1

      805772046eb1bdfb6de597d54ae7c1a87d727b8e

    • SHA256

      b136aa92ce09fd40d8df8e1482b60653f1aa181b82c613bbab68785d6d7de7dd

    • SHA512

      c2432c73196030af0332c09c688e23da9664dbcf788f17a2defd08bd731591ce2adfb1f1c652b87a003be77ee951851ecd9a8d660b8c1adc905eb4f999089e05

    • SSDEEP

      6144:zKUFfHXsi/uG6/yAAkZVNsGhtLew2DD6JYiNYzcT:zKOPcip6/yAJVO0r2DDUH

    Score
    10/10
    gcleanerloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks