General
-
Target
360790a458803634b049c75f5a6b181042dc1be365e1d87552a1ea98bbe9f9cc
-
Size
33.0MB
-
Sample
241108-hg6k3axhlq
-
MD5
43c4e1f4bb5009032027a7cccbde7a40
-
SHA1
2a690d794fdac6f7893c5585d32622c693cb4abc
-
SHA256
360790a458803634b049c75f5a6b181042dc1be365e1d87552a1ea98bbe9f9cc
-
SHA512
30a874de92b10fdc09a00494432d854b437dbd2db2575a65f5ebe1abec227bd781c8b851fe74e335e7fe5a95054eeb53beda4e5dd62b417e0884d751031cadd6
-
SSDEEP
786432:Mn1LRiC0KUGwyOvqrwFrm1PUIviIgKfmKJAXdmqIkP:GV05nCrfPU3IgcmKJAr
Malware Config
Extracted
gcleaner
gcc-partners.in
gc-partners.rest
Extracted
cryptbot
basessrb23.top
basessri42.top
basessrn17.top
-
payload_url
http://dfgggloadt11.top/download.php?file=lv.exe
Targets
-
-
Target
078db59624b35fe4dd0fe0420bd99bd349aa053ef07c982fdc6a58effd96c76d.exe
-
Size
272KB
-
MD5
24d896a9848eb79691aea8bed9f6e1cd
-
SHA1
79e7662d51aa788d4074afdd6ab34a23e8bd61dd
-
SHA256
078db59624b35fe4dd0fe0420bd99bd349aa053ef07c982fdc6a58effd96c76d
-
SHA512
a1b6867a5f6bbd39860245daa398a0f07fd02329cf26ad8c78844a19f002fc73a6b02013287e6bf4622189eb5ede6b201d48a5ec08e6232ac5d4ad74fa5f9a55
-
SSDEEP
6144:bcMpYYcEGU6QWc4QxpRzPTpfws6UprNm:bcMncLU6O4QL4C
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
07f59c1814f6b5d712b6bd55b180bd9d69890eb337b44977749a59bf39958b17.exe
-
Size
264KB
-
MD5
b7eb2b7f0d418ca942c7e2e5ac377c27
-
SHA1
74a945bf285b7f21c53de4d748ee25e0c5b99d0a
-
SHA256
07f59c1814f6b5d712b6bd55b180bd9d69890eb337b44977749a59bf39958b17
-
SHA512
51bbf420069a6f21c239b885f92f24ef488dc26667c16950243823beb0c032a663654f14ab3a269fe88c6726f4bc6e6ffa1bfc85224e32caaedb5353e8a73527
-
SSDEEP
6144:23y4J+8oJehF8COL8mqX1DTY7A17an97:5T8ou8BL891D87X
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
083d3eee7980bb0b8f28a0452ed2af47610e747db2823a0ad6eb7dbfad7ef98c.exe
-
Size
263KB
-
MD5
a796e749e3fbacc298320e1e50025218
-
SHA1
aff3100a97f0915c2beabbab00e7860727cee6bd
-
SHA256
083d3eee7980bb0b8f28a0452ed2af47610e747db2823a0ad6eb7dbfad7ef98c
-
SHA512
c421174fd53117dddf9bb71d55517e443b29886069008a85aac5407107ae9c136842178784f6fba990a1ba831a344623b91152cdc0fb5172c629cfd41c8b32af
-
SSDEEP
3072:ZEeepgHW62YD4Zx6vHB5cXLvBa2YQE87tsCEvVx5yMAN0cQvep3his+:vepgvJDqwvh5cXDLfE87tNSTM6cEeS
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
-
Size
351KB
-
MD5
73f7ae135b1bf7d5f6b496db53b126e9
-
SHA1
6bdddb2c1ad14066378620ea1ead917f237b2053
-
SHA256
08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff
-
SHA512
6b1d1ff84c401c2b6d55318479f2ddabd011d7589d3b14cedf75041a2a800eeba0cc550680c71ff39258a4b0250dc6f0d5cebc556afa832bfb8648debc90dd23
-
SSDEEP
6144:oVmHUktMXuPRRcSbMSa53KT39Z8wephq7ioVTOTDCDvOkiuosFglBp1:oVlXcyNKrH8wepwtVTOPMOk9Ef
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
08c1757fc2332f7d219bf2c7bff648ed78f51106e262e6e6f3ade6b0e847dff6.exe
-
Size
291KB
-
MD5
dcc4b7da918a5a9c557b25c2d5aaca88
-
SHA1
907bede7c10648b14014b66ec20d1b89f08bac85
-
SHA256
08c1757fc2332f7d219bf2c7bff648ed78f51106e262e6e6f3ade6b0e847dff6
-
SHA512
4f2995adeac07af8aad51d36e797bb9d440790426c53ef4008d1bd602cb23af7241907a342ddb4e59127dec9353c32a25c47c18cb1b0e789c641861b5e8833af
-
SSDEEP
6144:cIbV0pAcZpYczXOHY24/YHiO2sykcenSlgHS:zbV0dZ6EXqCYHiHsylenkgHS
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd.exe
-
Size
583KB
-
MD5
7caf6ef7a1c22e7fc0b86eeacde90877
-
SHA1
1cd4567a334a9c07ba4eb6bda810523be182cf88
-
SHA256
0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd
-
SHA512
0aa4a9b3958ae519d5cf6e1e1080afbe515c009c2a18b923742bb213e892972a741d4a48190c46f992514c405e4bc0ead51501d057519e665f1a6a4ce15fe0cf
-
SSDEEP
12288:VynawiFoPmL0y5zWGFF6O7+d36xY+6KMKo6RUZyhj6wX6+N:VynawBPKRFEO6tuY1JBZmrX
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
CryptBot payload
-
Cryptbot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
0d1c17f83137538366a2ca9f2948458b00943a4b5033f5d0b9f25f85af36edd0.exe
-
Size
262KB
-
MD5
8610f7ce55a3d61c0bc96fa358a0ba8b
-
SHA1
7c14dc94934cc30ab1f46ac34eab48ea454a13cd
-
SHA256
0d1c17f83137538366a2ca9f2948458b00943a4b5033f5d0b9f25f85af36edd0
-
SHA512
ee8013b32dbe4054be057beca2f3c79ab4d8c6a458dbd0291bcf3b37cc6282e4339811684ca23a2ad4b2b1487eb32e7b962932ded3538f6979ffa54169233edc
-
SSDEEP
6144:l8Wz5JOf4MFECTZsykxvoxELbM3NcXbYHH8xXA17ant:lp5kdFTZYxoEPM3N1n8BXt
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
1017f357d88223cb18ec43554b65f2ec3f2d67851c7723f3a21bf67d7f02f1c6.exe
-
Size
336KB
-
MD5
c0b51e91c6f8576cbee97763df849640
-
SHA1
6b1dbce76de34eccf73f61b753fabd45f5dd2c36
-
SHA256
1017f357d88223cb18ec43554b65f2ec3f2d67851c7723f3a21bf67d7f02f1c6
-
SHA512
509fa13861e4da16adec7669de890f7f7c7271106d35de4abed46659ad8b30a3d17d17a59436363235fd7dca7662e045c1e5e3ac29c5a603bf82136c2b0aa3a1
-
SSDEEP
6144:zXD8kXIof8Te9ykvR/LVuiK8a3PiaewuRJCsDp5k3Omxb6Kaq81:zTP54eUkvJZJK/3PiBHp15W/xW/qM
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
152de8e813722eadbc25a08e1871382a887505388e03991595572bb632974e2e.exe
-
Size
561KB
-
MD5
5e9712e43f7474e4b605e4aead37bde8
-
SHA1
fd091b56d35d223029680c2d05b229be395d4875
-
SHA256
152de8e813722eadbc25a08e1871382a887505388e03991595572bb632974e2e
-
SHA512
be4f79c70ad4eec73bac4e113d633d5f4b03162e22d73202a7f128fe282d5f6cdee8b919a6582bd64f249fdf5140e085e20df5da03bf6154e8b36ee4876b15db
-
SSDEEP
12288:MxjItJ8d0hh5bNU6IcBas4u50S3p8k3S/eIi:OjIAdC5BIdsp3p8k3S/
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
CryptBot payload
-
Cryptbot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
18a7c9bb155a24636fb7679c2c33562f66a85fa29949493d4a2dc31b0443321a.exe
-
Size
529KB
-
MD5
87ffa76ae480b1845120f7fbebe5f331
-
SHA1
27d0003fa504b69e89e4fe6bd9972d0924cbfd14
-
SHA256
18a7c9bb155a24636fb7679c2c33562f66a85fa29949493d4a2dc31b0443321a
-
SHA512
c19f13f5885fe5df81faaf765670058a14824f90b4d81ec5797cf6d4607ae11e4f7ee905ed3d1f7c2ecaae95d447929fe61f2b429308fdf0a95621351ddf3964
-
SSDEEP
12288:D69HG69f5XZgJBnvqxRbTtJhzqbFnoeZX/b9uXnTxZ:DUHGQf5iVva9tWbFnoeZPJuXnT
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
CryptBot payload
-
Cryptbot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
1c429652e66bc481a2ce0309e4389cbcf93c1bd9727760d70418b9071a6818c5.exe
-
Size
326KB
-
MD5
597b0a979d69275997c225baa590cf0f
-
SHA1
65ed774808432eba39ed98e598df0559097d2350
-
SHA256
1c429652e66bc481a2ce0309e4389cbcf93c1bd9727760d70418b9071a6818c5
-
SHA512
c7c7f91522d235ab5de0e29deb7bf216e24c8162f86a6b0894df4beee2f41df5c67084bcefbceeaf1d608d7f88fd31da90e4b8c88c5a58239e1686fb75e9e1b0
-
SSDEEP
6144:TmcLiAEvPRJTSVzkI3c5/yD5FnhsBQhtHf9psFni55ttytEGE2o1Ps8o:qEvCrKXM5wNgQhNF863tnn2ohZ
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
1fe8e976dc31ecc74c27018b3a7550e3c16c39b05f17237a39f59a1cf262330b.exe
-
Size
352KB
-
MD5
7c206dae3d5cb963584b75a2ecce94a8
-
SHA1
7eaff221e85eba8400bed8f7dc156b7984f2e08c
-
SHA256
1fe8e976dc31ecc74c27018b3a7550e3c16c39b05f17237a39f59a1cf262330b
-
SHA512
62d67495e0ea6a689a90fcd347b73331866b36c3a2cd865a3f799b2ad31805426dc60b065ee8326912b07182893ef134304d985eae920ee771173c16b93b6b10
-
SSDEEP
6144:Xz4yogIavrr+nSZxN0SNbnsIu0kgKmUqO9CCyxMjcUNA1ElBY/8qnJH3TTc:j4/gIav+SDN0IsIu0khma1LjMmlB+JXU
Score7/10-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
231f15571a7f90c6c74f0f6eb57a813a54fa927b5c13610e5d6ff680023852d3.exe
-
Size
258KB
-
MD5
692db76fc2cfc8c998aa2817df1e1ba8
-
SHA1
e3c5b90dd7d4b6732a6d62220cab0a810c1101a2
-
SHA256
231f15571a7f90c6c74f0f6eb57a813a54fa927b5c13610e5d6ff680023852d3
-
SHA512
6a11c1e47425aa2b2cbb430b16f91ccac8bb7bbfe1f325b5f641346c9aaa006ab024243dae301ed3e1385147813c2db571f8ce17c96554e50b4015ed4aded1e6
-
SSDEEP
3072:afsgZDzBFF+bxjW8JuHx/vrPI/S+j0kxAWnWSNCrNCRtKnnnh/Y5NVK:aHdjFiWH1vbITj1xWSNCrNCRAnhYV
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
-
-
Target
253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe
-
Size
583KB
-
MD5
004f3bd262190bd79a6a90744be507c9
-
SHA1
069a52de16b7f52f7de55cee23689212a0695736
-
SHA256
253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a
-
SHA512
64004a74065783d888066660f77a216dbb0c23f6a1b319ea66410fcd19aa13c82a79386f83e220ea53a2458d6a64aba4ea3453d137fa55fd236b1d7c2ae2c4b9
-
SSDEEP
12288:5NRddvGBjE0F4OQkviP2k4eE3TRVROKDsH6Bx4BO7aG:nRcAvOQgwYzO6Qlya
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
CryptBot payload
-
Cryptbot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
-
-
Target
26ccb116f44f24784c0c2e9e2f4f796b239ce96c34246b50194342c76fa3198f.exe
-
Size
529KB
-
MD5
ce045f72641a7162117870dc35eb3dc2
-
SHA1
2d7e768407b6a2ba6aa6f5af302af5b391c1d0c6
-
SHA256
26ccb116f44f24784c0c2e9e2f4f796b239ce96c34246b50194342c76fa3198f
-
SHA512
794a818ce5a0475e319c731e0162cf22d51b363a3050c6aa6828566b0d7b4c82efc1de9b680168da65e0c39de5c804a1797223c82c1b025359a166051700cbb8
-
SSDEEP
12288:oTGv68hozTgVcyWRujnvqdnH6vck7XZ20/OwDogA:o6v68hMTgaHuUH6US20mw8g
Score10/10-
CryptBot
CryptBot is a C++ stealer distributed widely in bundle with other software.
-
CryptBot payload
-
Cryptbot family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
-
-
Target
2936e6b87d417380f2f28b8274f791a526d2dc7b2d9c014b80e8c88ab9ad2099.exe
-
Size
283KB
-
MD5
bd65a2ec690209cf1b1f3e7bfb5e2ec7
-
SHA1
730276213621d94d3e042055ba0f72255c35767a
-
SHA256
2936e6b87d417380f2f28b8274f791a526d2dc7b2d9c014b80e8c88ab9ad2099
-
SHA512
58356211216ccffca8ace3924b37622b06e1ff69bf213a9d84a2834a605d16ab9a7bd19fc881b57ec484770b1cc1394d390c685af9e75c7f022042cfa8d9499f
-
SSDEEP
6144:MHkTW9vF3glq0PxpbRi4AuvcaBWqARSiYxe3Dh:CkTaFQlNpl/Lvc8WqJrGV
Score10/10-
GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
-
Gcleaner family
-
OnlyLogger
A tiny loader that uses IPLogger to get its payload.
-
Onlylogger family
-
OnlyLogger payload
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-