Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    10199ba836bb58c20eeadbd6ef1f8fefc22a0b4989804a947c5b7440e8acc3d6

  • Size

    378KB

  • Sample

    240616-t9g9qathkm

  • MD5

    e416f0c4545a8ab20ba9b6960216dc27

  • SHA1

    f5dcbd5318597802f0fa8e66dcd67e85e694c774

  • SHA256

    10199ba836bb58c20eeadbd6ef1f8fefc22a0b4989804a947c5b7440e8acc3d6

  • SHA512

    4184fa2cc96cdef5958393b928c3eb9dfbd4ef9258941c8afa3bb4bb2ecaf7b1a7d615c348facd9ed5e0db8f8eadea03018a2791a1c1eca11165216deabdaaac

  • SSDEEP

    6144:0d9UENHk4ctLWUXll0QrdHgc+7X4nrgHEIOubT2:ehNH1cnX8P1snEHE/8

Score
10/10
gcleanerloader

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

5.42.64.56

185.172.128.69

Targets

    • Target

      10199ba836bb58c20eeadbd6ef1f8fefc22a0b4989804a947c5b7440e8acc3d6

    • Size

      378KB

    • MD5

      e416f0c4545a8ab20ba9b6960216dc27

    • SHA1

      f5dcbd5318597802f0fa8e66dcd67e85e694c774

    • SHA256

      10199ba836bb58c20eeadbd6ef1f8fefc22a0b4989804a947c5b7440e8acc3d6

    • SHA512

      4184fa2cc96cdef5958393b928c3eb9dfbd4ef9258941c8afa3bb4bb2ecaf7b1a7d615c348facd9ed5e0db8f8eadea03018a2791a1c1eca11165216deabdaaac

    • SSDEEP

      6144:0d9UENHk4ctLWUXll0QrdHgc+7X4nrgHEIOubT2:ehNH1cnX8P1snEHE/8

    Score
    10/10
    gcleanerloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks