General

  • Target

    4453b9f6adf4307de337cb6d919a5a5021aff5a00d0f8627f395c5f0c6f5624d

  • Size

    365KB

  • Sample

    240616-wp1axavenm

  • MD5

    a8d8dad594ea632e322e42977ebc099f

  • SHA1

    656c398d5e4ef5e742d14524fdd6e4cca68387d3

  • SHA256

    4453b9f6adf4307de337cb6d919a5a5021aff5a00d0f8627f395c5f0c6f5624d

  • SHA512

    96f0802d4d8c8c29387c8240323d65cda146f10b23b1089a81e087dc998b6d612e82e1ca25fe14453a636e4ca026feeb924fdad612c0fa1c92f84fd57fcbe544

  • SSDEEP

    6144:UjNLzUb6oGqDrm/ICDCh7DVOnKamuA4wy57ApV:UBMbN3u/IRdDVUKeALm7

Score
10/10

Malware Config

Extracted

Family

gcleaner

C2

185.172.128.90

185.172.128.69

Attributes
  • url_path

    /advdlc.php
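The C2 addresses and URL path above are the actionable indicators from this config. The following is an added example, not part of the sandbox report or the GCleaner family description: a small Python IOC matcher that scans proxy-style log lines for the two C2 IPs and the /advdlc.php path separately, so that a new C2 reusing the same path (or the known IP serving a different path) still surfaces, and a helper that emits equivalent Suricata rules. The log format, the sample lines and the Suricata SIDs are constructed assumptions for illustration.

```python
"""IOC matcher for the GCleaner config extracted above.

Added example (not code from the sandbox report). Indicators are taken from
the extracted config on this page; the log format and sample lines are
constructed for illustration.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Indicators from the extracted config.
C2_IPS = {"185.172.128.90", "185.172.128.69"}
C2_URL_PATH = "/advdlc.php"

# Constructed sample log lines, in an assumed "ts client method url" format.
SAMPLE_LOGS = [
    "1718500001.123 10.0.0.5 POST http://185.172.128.90/advdlc.php",
    "1718500002.456 10.0.0.7 GET http://example.com/index.html",
    "1718500003.789 10.0.0.9 GET http://185.172.128.69/",
    "1718500004.012 10.0.0.5 POST http://203.0.113.10/advdlc.php",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)$")


@dataclass
class Hit:
    line_no: int
    client: str
    url: str
    matched: tuple  # subset of ("ip", "path") that fired on this line


def host_and_path(url):
    """Split an http(s) URL into (hostname, path); path defaults to '/'."""
    parts = urlsplit(url)
    return parts.hostname or "", parts.path or "/"


def scan_lines(lines):
    """Return a Hit for every line whose destination host is a known C2
    address or whose request path equals the configured url_path.
    The two indicators are tracked separately so that a path-only match
    (possible new C2 host) is still reported and can be triaged."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing the whole scan
        host, path = host_and_path(m["url"])
        matched = []
        if host in C2_IPS:
            matched.append("ip")
        if path == C2_URL_PATH:
            matched.append("path")
        if matched:
            hits.append(Hit(line_no, m["client"], m["url"], tuple(matched)))
    return hits


def suricata_rules(base_sid=1000001):
    """Emit two Suricata rules covering the same indicators: one on the
    destination IPs, one on the HTTP URI. SIDs are an assumption; pick
    values from your own local range."""
    ip_list = ",".join(sorted(C2_IPS))
    return [
        f'alert ip $HOME_NET any -> [{ip_list}] any '
        f'(msg:"GCleaner C2 address"; sid:{base_sid}; rev:1;)',
        f'alert http $HOME_NET any -> any any '
        f'(msg:"GCleaner url_path"; http.uri; content:"{C2_URL_PATH}"; '
        f'sid:{base_sid + 1}; rev:1;)',
    ]


if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.client} -> {hit.url} [{', '.join(hit.matched)}]")
    for rule in suricata_rules():
        print(rule)
```

Matching on the bare IPs is brittle (the loader's C2s rotate), so in practice the URI rule is the one with longer shelf life; keep both and review path-only hits rather than alerting on them blindly, since /advdlc.php is short enough to collide with unrelated traffic.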

Targets

    • Target

      4453b9f6adf4307de337cb6d919a5a5021aff5a00d0f8627f395c5f0c6f5624d

    • Size

      365KB

    • MD5

      a8d8dad594ea632e322e42977ebc099f

    • SHA1

      656c398d5e4ef5e742d14524fdd6e4cca68387d3

    • SHA256

      4453b9f6adf4307de337cb6d919a5a5021aff5a00d0f8627f395c5f0c6f5624d

    • SHA512

      96f0802d4d8c8c29387c8240323d65cda146f10b23b1089a81e087dc998b6d612e82e1ca25fe14453a636e4ca026feeb924fdad612c0fa1c92f84fd57fcbe544

    • SSDEEP

      6144:UjNLzUb6oGqDrm/ICDCh7DVOnKamuA4wy57ApV:UBMbN3u/IRdDVUKeALm7

    Score
    10/10
    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence (the loader avoids running in certain countries).

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks