General

  • Target

    def4d4784c21e82d12c9f66b192d3a809f1aa4c03f0120a169e20989e069f540

  • Size

    271KB

  • Sample

    240902-mhqy8ayakn

  • MD5

    284d9604f49bf6f36b56035bf1807a7b

  • SHA1

    7c573a5923231d20b5e8d8bf52d585f4849c4384

  • SHA256

    def4d4784c21e82d12c9f66b192d3a809f1aa4c03f0120a169e20989e069f540

  • SHA512

    cff1e933ab9a5990bbbf960efc52dd9ffe1c5562bd95fe7c31bb6e970b84f4655ede81f20cc3f2d61830e71fb7e036ed707daed4582f2a5c6a909904a6e2f8c7

  • SSDEEP

    6144:5XBoBMvaF1X2Ta5OV2dpwgpniVBtpnDAqjRSZsVgqKr:5UMvaCa5OBo8BzDLm9

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

    • Target

      def4d4784c21e82d12c9f66b192d3a809f1aa4c03f0120a169e20989e069f540

    • Size

      271KB

    • MD5

      284d9604f49bf6f36b56035bf1807a7b

    • SHA1

      7c573a5923231d20b5e8d8bf52d585f4849c4384

    • SHA256

      def4d4784c21e82d12c9f66b192d3a809f1aa4c03f0120a169e20989e069f540

    • SHA512

      cff1e933ab9a5990bbbf960efc52dd9ffe1c5562bd95fe7c31bb6e970b84f4655ede81f20cc3f2d61830e71fb7e036ed707daed4582f2a5c6a909904a6e2f8c7

    • SSDEEP

      6144:5XBoBMvaF1X2Ta5OV2dpwgpniVBtpnDAqjRSZsVgqKr:5UMvaCa5OBo8BzDLm9

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the loader does not run on hosts in excluded countries.

    • Deletes itself
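The three behaviours the report attaches to this sample (a registry lookup of the configured country code, a connection to the extracted C2, and deletion of its own file) can each be expressed as a check over sandbox events. The block below is an added example written for this page, not Triage's own signature code and not code from the GCleaner sample. Everything beyond the C2 address is an assumption: the event shape is a simplified stand-in for a sandbox log, the sample path is constructed (sandboxes commonly name the file after its SHA256), and the registry values listed are the usual places Windows stores the country/locale, since the report does not name which one the sample reads.

```python
"""Re-implementation of the report's behaviour signatures over constructed events."""
import re

# C2 listed in the extracted config above.
C2_IP = "80.66.75.114"

# ASSUMPTION: the report only says "country code configured in the registry" and
# does not name the value; these are the usual candidates for such a lookup.
GEO_KEYS = (
    r"HKCU\Control Panel\International\Geo\Nation",
    r"HKCU\Control Panel\International\Geo\Name",
    r"HKCU\Control Panel\International\Locale",
    r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage",
)

# Constructed path: sandboxes typically drop the file under a name derived from its SHA256.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\def4d4784c21e82d12c9f66b192d3a809f1aa4c03f0120a169e20989e069f540.exe")

# Constructed events in a simplified sandbox-log shape; not real Triage output.
# The last two entries are deliberate negatives: an unrelated key read and a
# deletion of some other file by a different parent, which must not be flagged.
EVENTS = [
    {"type": "regquery", "proc": SAMPLE, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "regquery", "proc": SAMPLE,
     "key": r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language\InstallLanguage"},
    {"type": "connect", "proc": SAMPLE, "dst": "80.66.75.114", "port": 80},
    {"type": "connect", "proc": SAMPLE, "dst": "20.42.73.29", "port": 443},
    {"type": "proccreate", "parent": SAMPLE, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": f'cmd.exe /c timeout /t 3 & del /f /q "{SAMPLE}"'},
    {"type": "regquery", "proc": SAMPLE, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"type": "proccreate", "parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\setup.log"},
]

# Registry paths and command lines on Windows are case-insensitive.
def _norm(text):
    return text.lower()

def geofence_lookups(events):
    """Registry queries against country/locale values ('Checks computer location settings')."""
    wanted = {_norm(k) for k in GEO_KEYS}
    return [e["key"] for e in events if e["type"] == "regquery" and _norm(e["key"]) in wanted]

# 'del' or 'erase' as a standalone command word, so 'delay' or a path fragment does not match.
DEL_RE = re.compile(r"(?<![\w-])(del|erase)\b", re.IGNORECASE)

def self_delete_commands(events, sample_path):
    """cmd.exe lines spawned by the sample that delete the sample's own file ('Deletes itself')."""
    hits = []
    for e in events:
        if e["type"] != "proccreate" or _norm(e["parent"]) != _norm(sample_path):
            continue
        if DEL_RE.search(e["cmdline"]) and _norm(sample_path) in _norm(e["cmdline"]):
            hits.append(e["cmdline"])
    return hits

def c2_connections(events, c2_ip=C2_IP):
    """Outbound connections to the C2 from the extracted config."""
    return [(e["dst"], e["port"]) for e in events if e["type"] == "connect" and e["dst"] == c2_ip]

def signatures(events, sample_path=SAMPLE):
    """Boolean summary mirroring the report's signature list."""
    return {
        "Checks computer location settings": bool(geofence_lookups(events)),
        "Deletes itself": bool(self_delete_commands(events, sample_path)),
        "Contacts gcleaner C2": bool(c2_connections(events)),
    }

if __name__ == "__main__":
    for name, hit in signatures(EVENTS).items():
        print(f"[{'x' if hit else ' '}] {name}")
```

The self-deletion check ties the `del` to the sample's own path and to the sample as parent process, which is what separates a loader cleaning up after itself from ordinary `cmd.exe` file deletions on the host; a looser rule keyed on `del` alone would fire on the constructed `setup.log` event as well.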

MITRE ATT&CK Enterprise v15

Tasks