General

  • Target

    8f647e3e093b0ddd56b4ba3b3e6ef6297f8f27d20089c6d4ff5af5b66cf66774

  • Size

    413KB

  • Sample

    240901-3ljbjswbpf

  • MD5

    656e582e7d08d0d7e50688ca878a0ce2

  • SHA1

    65fe641506b2df2a633f212cf50a5a0ca54fa8f9

  • SHA256

    8f647e3e093b0ddd56b4ba3b3e6ef6297f8f27d20089c6d4ff5af5b66cf66774

  • SHA512

    57d1a8a57b3ce824bc2e5a92ea00264039a38be7f40920becf1f83f00cdcf0ba3f58b33d8d2742febe259004eab4fb509d29a4d014fa56b4dae8ad8087f5dbb0

  • SSDEEP

    6144:XF0QZUZcwHpGIrpwxxLoNuL/gqtFCzhAbno:XFFZUIFxxL8qtFch/

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

    • Target

      8f647e3e093b0ddd56b4ba3b3e6ef6297f8f27d20089c6d4ff5af5b66cf66774

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
