General

  • Target

    4400905576a5c650006c34a7657e827658238602d95a8102c68c20dcfb43fe3c

  • Size

    293KB

  • Sample

    241014-xxqxwavhkr

  • MD5

    3f10e2c68ddee76344904cbd92c3c150

  • SHA1

    d79657b5b4a6353268d5f7334382f142ddff3b47

  • SHA256

    4400905576a5c650006c34a7657e827658238602d95a8102c68c20dcfb43fe3c

  • SHA512

    1dc26d1ea36767036ddc834ff3e7ba395d262e03d6d7710f74e96f2b3054d90d7d343b2fcdb1b8275dbd0b0bff7e171c3bf294143a770a7f24dd9c69ead8434d

  • SSDEEP

    3072:T1wEmtR0+RcRyF46KDet3gXC0K2q5sMNf+BAJ5WQ+CoNhkW6FBxqXYvGrG:T1wE80+Rckm6Bt3gPKVNWE+FTIqI

Malware Config

Extracted

Family

gcleaner

C2

80.66.75.114

Targets

    • Target

      4400905576a5c650006c34a7657e827658238602d95a8102c68c20dcfb43fe3c

    • Size

      293KB

    • MD5

      3f10e2c68ddee76344904cbd92c3c150

    • SHA1

      d79657b5b4a6353268d5f7334382f142ddff3b47

    • SHA256

      4400905576a5c650006c34a7657e827658238602d95a8102c68c20dcfb43fe3c

    • SHA512

      1dc26d1ea36767036ddc834ff3e7ba395d262e03d6d7710f74e96f2b3054d90d7d343b2fcdb1b8275dbd0b0bff7e171c3bf294143a770a7f24dd9c69ead8434d

    • SSDEEP

      3072:T1wEmtR0+RcRyF46KDet3gXC0K2q5sMNf+BAJ5WQ+CoNhkW6FBxqXYvGrG:T1wE80+Rckm6Bt3gPKVNWE+FTIqI

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks