General

  • Target

    548bc8bc69c5fb00f410b5a43eb9ce0150884de44fbfec0f858c8110c7ce9499

  • Size

    424KB

  • Sample

    240903-vfsc9s1fkp

  • MD5

    8294eb1e77dc1c9ea9bd5f83414f3c33

  • SHA1

    fa8de9d00e9078bbd5901549a6d657963f282567

  • SHA256

    548bc8bc69c5fb00f410b5a43eb9ce0150884de44fbfec0f858c8110c7ce9499

  • SHA512

    5e32aacf48208f273d6002c3724d740de182b8618a484728629b6748faf01b3f71f57853c8492b97437ef936829b69e2630607a59378c953a480b8df80c222c7

  • SSDEEP

    6144:bJosvDBfWs3zu1sUSjwaPujrNVOyQRjarBEJb:b2svDBfvDu1sU7aPujO3Rjy

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    80.66.75.114

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.
