General

  • Target

    mushi.exe

  • Size

    304KB

  • Sample

    240903-abfhpa1dkj

  • MD5

    8a652c03bfad97a420a5daf8ed6767b4

  • SHA1

    4dae3dc80bbf391c09535a2f5e8a1d140c62a9eb

  • SHA256

    01cadf3859ec164b87007c62a80b897f9a4d9afecffc3c912e4ead6e35759031

  • SHA512

    83c42f7c9ab26274f573f8bd57a14eb7e2903b8f9d0a848072efdcd8b0354cf21a66ed50d988c18f2e35e260371565c8c31d3cf34448e205925d8e33088e2a94

  • SSDEEP

    3072:BDB4D8xL0joBe45KsQZmoUfr0IkdJWpO3+JWTpZp7cxoCLnWQWga9//qFPq2nM:1B4D8xL0joBN5SZZjMO3HTz5cmCRgqF

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15