Overview

overview

10

Static

static

3

0d4afd2cfe...4d.exe

windows7-x64

10

0d4afd2cfe...4d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fa7383138b89d723bf99d6b40e9758ae.bin

  • Size

    230KB

  • Sample

    240616-c8xjkszgmp

  • MD5

    1e64c7b82541cffdf3c07e2c31f7cda0

  • SHA1

    110d75ed58d9dec190a052c727d857931c062bbe

  • SHA256

    30f369545192f89f2be9e17a9c9335e6d9725104253a8f2e5dbe2a00c36ab589

  • SHA512

    282da4e10053f9aea93ccd71f6e774173aa9d258fdd1cb6e7725bb56ddac005ef1cd320e3bbe49ccbb5eebde67384c1169ff2ea5f0a4464a907ddb619cc82ef2

  • SSDEEP

    6144:7dc+KMFFNL3o6lB2anQDeRwqT+nU/fZh5Ogzlh9EzyoYW:7d4MFvLL2dDeR0GZhlREQW

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

    • Target

      0d4afd2cfed2d28a10ab663aa0c51f4b60d587b49020893490c5db7cbc9d0a4d.exe

    • Size

      370KB

    • MD5

      fa7383138b89d723bf99d6b40e9758ae

    • SHA1

      32b4bb823a8decec83ff94f5bc944d3501c6a4fe

    • SHA256

      0d4afd2cfed2d28a10ab663aa0c51f4b60d587b49020893490c5db7cbc9d0a4d

    • SHA512

      ba17701e8c0014adb1d34e202523561217aa3d4f0fa2d3c753a2f42fc076baa0d4759c207d3112304d678a5a79643c67442a6b48a55032a6f1a4c7afc2d6b688

    • SSDEEP

      6144:j6N7kOswEGuk80dNtHJpqkRMzGQLDSvTH:KkYvpfBCaQL+H

    Score
    10/10
    gcleanerloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks