Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    473de0cfd6a9b2d71ea3f9db86c0f4bc83003a7ea710dd6968bde614969609cb

  • Size

    344KB

  • Sample

    240527-3jr6nsfc75

  • MD5

    08545811862e0988ff75e2cefb7197ad

  • SHA1

    44a94206f67ea6ba1a8eb7e670351fcd9b4cd9db

  • SHA256

    473de0cfd6a9b2d71ea3f9db86c0f4bc83003a7ea710dd6968bde614969609cb

  • SHA512

    5909c910ca15b8cae493b8437a855542c95ae3b976dcba2dc1ff2b03b6aa7f623d7bc00aeec7c58d84442575245c384b0058e2b3f3ccf7c07d19602a83926680

  • SSDEEP

    6144:d9DRCQ9xRyM8fyxJ+FFmlpEtEMQt9lIeUe:jDb/DJHZtn

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

    • Target

      473de0cfd6a9b2d71ea3f9db86c0f4bc83003a7ea710dd6968bde614969609cb

    • Size

      344KB

    • MD5

      08545811862e0988ff75e2cefb7197ad

    • SHA1

      44a94206f67ea6ba1a8eb7e670351fcd9b4cd9db

    • SHA256

      473de0cfd6a9b2d71ea3f9db86c0f4bc83003a7ea710dd6968bde614969609cb

    • SHA512

      5909c910ca15b8cae493b8437a855542c95ae3b976dcba2dc1ff2b03b6aa7f623d7bc00aeec7c58d84442575245c384b0058e2b3f3ccf7c07d19602a83926680

    • SSDEEP

      6144:d9DRCQ9xRyM8fyxJ+FFmlpEtEMQt9lIeUe:jDb/DJHZtn

    Score
    10/10
    gcleanerloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks