General

  • Target: e8420995c724cb799a7fde56eece43118fca98fbaf816403f35ee96d471f727d
  • Size: 299KB
  • Sample: 240904-yk3atavfrn
  • MD5: 1cdbb7b73ae1a55aadd194d340690d3a
  • SHA1: bd04d3bd46cbe6fa259b0f55a279b534a402170e
  • SHA256: e8420995c724cb799a7fde56eece43118fca98fbaf816403f35ee96d471f727d
  • SHA512: 702950ad1471dd44d7695e2e273121e7d9043d0a45a33914af1108eb703fdb5c2d484bacb644144f5f44d9266dfe082c33e2f42dd03bfbdd2cb5538052db6318
  • SSDEEP: 6144:sfHn+TbryG/0oVtTpU7dQ02+JC4Bzf9yXcb:4Hn+TPyG3Ki0/C4a

Malware Config

Extracted

  • Family: gcleaner
  • C2:
    80.66.75.114
    45.91.200.135

Extracted

  • Family: stealc
  • Botnet: default1
  • C2: http://62.204.41.151
  • Attributes
    • url_path: /edd20096ecef326d.php

Targets

    • GCleaner: GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
    • Stealc: Stealc is an infostealer written in C++.
    • Downloads MZ/PE file
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks