General

  • Target

    JaffaCakes118_dee7ef4c7f75ae59bdf4c8f7b393a5bd9a060bbc05659eeaf991b704f7b2f39f

  • Size

    2.2MB

  • Sample

    241222-e6dd2atnhn

  • MD5

    91e6643c0ec40f1ece4a0306fb01be52

  • SHA1

    b4bd1e6a6b42974a8bb799d2ee0ca5a5a7fa23b9

  • SHA256

    dee7ef4c7f75ae59bdf4c8f7b393a5bd9a060bbc05659eeaf991b704f7b2f39f

  • SHA512

    e59372edb7846d63c9a82c10091aa63e1a5281a55107531711d0dcc1cb434433cfa0d6d40c8df2c9780b215d87dcc10ec9409dbac3087cf6d2264a4d6fb9e428

  • SSDEEP

    49152:fd1NW/3PWbGhjvkInAfoVbNMQt3OlVSuZvzVd3T9vFaQAOPI9ha:fNU3Z1vGaNMQdMVJxd3Pmva

Malware Config

  • Extracted

    • Family

      gcleaner

    • C2

      45.139.105.171

      85.31.46.167

      107.182.129.235

      171.22.30.106
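The four C2 addresses above are the report's network indicators. The following is an added example, not part of the sandbox report, showing how to sweep them across firewall or proxy log lines. The log lines are constructed for the example and their `src=`/`dst=` layout is an assumption about the log source; the matcher extracts whole dotted quads so that near-miss addresses such as 107.182.129.23 or 145.139.105.171 do not fire.

```python
import re
from typing import Dict, Iterable, List

# C2 addresses from the report's extracted GCleaner configuration.
GCLEANER_C2 = frozenset({
    "45.139.105.171",
    "85.31.46.167",
    "107.182.129.235",
    "171.22.30.106",
})

# A dotted quad bounded by non-address characters, so a listed address never
# matches inside a longer one ("145.139.105.171", "45.139.105.1710").
_IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed firewall-style log lines for the example (not from the report);
# the src=/dst= layout is an assumption about the log source. Lines 2 and 5
# carry listed C2 addresses; lines 3 and 4 are deliberate near-misses.
SAMPLE_LOG: List[str] = [
    "2024-12-22T05:41:10Z fw allow src=10.0.4.23:51822 dst=198.51.100.10:443 proto=tcp",
    "2024-12-22T05:41:12Z fw allow src=10.0.4.23:51830 dst=107.182.129.235:80 proto=tcp",
    "2024-12-22T05:41:13Z fw allow src=10.0.4.23:51831 dst=107.182.129.23:80 proto=tcp",
    "2024-12-22T05:41:15Z fw allow src=10.0.4.23:51840 dst=145.139.105.171:443 proto=tcp",
    "2024-12-22T05:42:01Z fw deny  src=10.0.4.23:51845 dst=45.139.105.171:80 proto=tcp",
]


def extract_ips(line: str) -> List[str]:
    """Return every whole IPv4 token in a line, in order of appearance."""
    return _IPV4.findall(line)


def find_c2_hits(lines: Iterable[str],
                 iocs: Iterable[str] = GCLEANER_C2) -> List[Dict[str, object]]:
    """Return one record per (line, listed address) pair found in `lines`."""
    wanted = set(iocs)
    hits: List[Dict[str, object]] = []
    for line_no, line in enumerate(lines, 1):
        for ip in extract_ips(line):
            if ip in wanted:
                hits.append({"line_no": line_no, "ip": ip, "line": line})
    return hits


def hits_by_address(lines: Iterable[str],
                    iocs: Iterable[str] = GCLEANER_C2) -> Dict[str, int]:
    """Count lines referencing each listed address. Zero entries are kept so a
    sweep that found nothing still records what was searched for."""
    lines = list(lines)
    counts = {ip: 0 for ip in sorted(iocs)}
    for hit in find_c2_hits(lines, iocs):
        counts[str(hit["ip"])] += 1
    return counts


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(f"line {hit['line_no']}: {hit['ip']} <- {hit['line']}")
    print(hits_by_address(SAMPLE_LOG))
```

Plain substring search would also flag the two near-miss lines; the bounded regex is what keeps the sweep precise. Addresses on a pay-per-install loader's list rotate, so treat the four values as a snapshot of the report date rather than a long-lived blocklist.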

Targets

    • Target

      1c9523e4ca9221b424a44feb028834a2829e302e7fbc89b9aff8a4b63a7e34fd

    • Size

      2.3MB

    • MD5

      7e50c3b5dc06bc592f7acd4b8c03ad3c

    • SHA1

      6a30c38880bd30358484bc1741d67a8a815f2322

    • SHA256

      1c9523e4ca9221b424a44feb028834a2829e302e7fbc89b9aff8a4b63a7e34fd

    • SHA512

      50a866d1f7d47e4462ef3963c0b2e79e66b4ced753d32a5d96d44fa7c38a2bdd3b04fd0af8db33bbcbed884388e14cd91024c2555388f971e75d435d3a5410c2

    • SSDEEP

      49152:Z25fD8F3tybYnBRkIt8xex/BM2L3YP7S6ZvdVd/FBvLOqcyNA5hq:MhDA3fBRIsBM2ra7r/d/bWDq

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
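The "Checks installed software" signature above describes enumeration of the registry Uninstall keys. The following is an added example, not from the report or the sandbox, of detection logic that counts how many distinct Uninstall subkeys each process touched in a registry-access trace and flags heavy enumerators. The trace records, the process paths and PIDs, the SID, and the (pid, image, operation, key) record layout are all constructed assumptions; real telemetry (EDR registry events or Windows object-access auditing) would have to be mapped into that shape first.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# A registry path under any Uninstall hive: native HKLM, the WOW6432Node
# view, or a per-user copy under HKU\<SID> / HKCU. Group 1 is the product
# subkey the process looked at; the parent Uninstall key itself does not match.
_UNINSTALL_SUBKEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE
)

# Hypothetical process images (assumption; the report does not name them).
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\dropped.exe"
EXPLORER_EXE = r"C:\Windows\explorer.exe"
MSIEXEC_EXE = r"C:\Windows\System32\msiexec.exe"

_HKLM = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
_WOW64 = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
_HKU = (r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
        r"\Software\Microsoft\Windows\CurrentVersion\Uninstall")

# Constructed registry-access trace, not taken from the report.
# Record layout (pid, image, operation, key) is an assumption.
Event = Tuple[int, str, str, str]
SAMPLE_EVENTS: List[Event] = [
    (4120, DROPPED_EXE, "OpenKey", _HKLM),
    (4120, DROPPED_EXE, "EnumerateKey", _HKLM),
    (4120, DROPPED_EXE, "QueryValue", _HKLM + r"\{11111111-0000-0000-0000-000000000001}\DisplayName"),
    (4120, DROPPED_EXE, "QueryValue", _HKLM + r"\{11111111-0000-0000-0000-000000000001}\DisplayVersion"),
    (4120, DROPPED_EXE, "QueryValue", _HKLM + r"\{11111111-0000-0000-0000-000000000002}\DisplayName"),
    (4120, DROPPED_EXE, "QueryValue", _HKLM + r"\Google Chrome\DisplayName"),
    (4120, DROPPED_EXE, "QueryValue", _WOW64 + r"\{11111111-0000-0000-0000-000000000003}\DisplayName"),
    (4120, DROPPED_EXE, "QueryValue", _WOW64 + r"\Notepad++\DisplayName"),
    (4120, DROPPED_EXE, "QueryValue", _HKU + r"\{11111111-0000-0000-0000-000000000004}\DisplayName"),
    (1344, EXPLORER_EXE, "QueryValue", _HKLM + r"\Google Chrome\DisplayIcon"),
    (5208, MSIEXEC_EXE, "QueryValue", _HKLM + r"\{11111111-0000-0000-0000-000000000005}\DisplayName"),
    (5208, MSIEXEC_EXE, "QueryValue", _HKLM + r"\{11111111-0000-0000-0000-000000000006}\DisplayName"),
    (5208, MSIEXEC_EXE, "QueryValue", _HKLM + r"\{11111111-0000-0000-0000-000000000007}\DisplayName"),
    (5208, MSIEXEC_EXE, "QueryValue", _HKLM + r"\{11111111-0000-0000-0000-000000000008}\DisplayName"),
    (5208, MSIEXEC_EXE, "QueryValue", _HKLM + r"\{11111111-0000-0000-0000-000000000009}\DisplayName"),
]


def uninstall_subkeys_by_process(events: Iterable[Event]) -> Dict[Tuple[int, str], Set[str]]:
    """Map each (pid, image) to the distinct Uninstall subkeys it touched.

    The key is normalised to the hive-qualified subkey path, lower-cased, so
    repeated value reads under one product count once, while the same product
    seen in HKLM and in a user hive counts as two.
    """
    seen: Dict[Tuple[int, str], Set[str]] = defaultdict(set)
    for pid, image, _op, key in events:
        m = _UNINSTALL_SUBKEY.search(key)
        if m:
            seen[(pid, image)].add(key[: m.end()].lower())
    return seen


def flag_software_enumeration(events: Iterable[Event], threshold: int = 5,
                              allowlist: Iterable[str] = ("msiexec.exe",)
                              ) -> List[Tuple[int, str, int]]:
    """Return (pid, image, distinct_subkeys) for processes at or above threshold.

    Installers, package managers and inventory agents enumerate the same keys
    legitimately, so callers pass the image names they trust in `allowlist`.
    """
    allowed = {name.lower() for name in allowlist}
    flagged: List[Tuple[int, str, int]] = []
    for (pid, image), keys in uninstall_subkeys_by_process(events).items():
        if image.rsplit("\\", 1)[-1].lower() in allowed:
            continue
        if len(keys) >= threshold:
            flagged.append((pid, image, len(keys)))
    return flagged


if __name__ == "__main__":
    for pid, image, n in flag_software_enumeration(SAMPLE_EVENTS):
        print(f"pid {pid} {image}: enumerated {n} Uninstall subkeys")
```

The count is per distinct product subkey rather than per event, because a loader reading DisplayName and DisplayVersion for one product should not score twice, while a single explorer.exe icon lookup should not score at all. Covering the WOW6432Node and per-user hives matters: a sample that walks only one of them still looks the same to the rule.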

MITRE ATT&CK Enterprise v15

Tasks