General

  • Target

    80acce03867fb6ff817ea4e58eadb92d8d0bbec682934389d59a281bd383f441

  • Size

    304KB

  • Sample

    240903-cwwrhsvbnp

  • MD5

    76199fdc063fc6abf3a561f8f0dce021

  • SHA1

    042ed46da9c9587f981030baddf5c6e477fa7e76

  • SHA256

    80acce03867fb6ff817ea4e58eadb92d8d0bbec682934389d59a281bd383f441

  • SHA512

    b7b6a1350f4cb933006a8a575de12aa759d32c4b9fcfdd143b5c107b12224591cd8bac85e581b27f1c3e1978cdb38275e43469905935c862b524fe21a9f244a0

  • SSDEEP

    6144:iBEoclnoH4dckDDFBZiEjfgjYXPmbYuThLogqex:MEocbdLZzP/ohLbx

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

    • Target

      80acce03867fb6ff817ea4e58eadb92d8d0bbec682934389d59a281bd383f441

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.
