General

  • Target

    47b77a6c336379a17d981682c6da88d4db9fdbf9b8ce14409763fbe0579845cf.exe

  • Size

    2.3MB

  • Sample

    241222-snxxlssmen

  • MD5

    a39b44970fc7fa06264aa0847966f352

  • SHA1

    66719035f9fcf010830b24d73a0998df0f211a45

  • SHA256

    47b77a6c336379a17d981682c6da88d4db9fdbf9b8ce14409763fbe0579845cf

  • SHA512

    162cdd7fb0b1040cfa3f3ded90aeb98ea8ddec7b51bdad79c62794a5dd82782609796c1d7d3cc5828ce6ce99b02ad14f2537c88b53cefa6b0c6b36b9791d4874

  • SSDEEP

    49152:AGNjxMcyo1CFX5x7fcVq2b+Qp30Ys6soqD+XYCqwKQOsjQ3OOKt:dNjxu+eX5x7fcVq2h3m6soq6XYBwbOsV

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    208.67.106.156

    87.251.71.107

    193.151.183.73

    208.67.104.141

  • Attributes

    • url_path

      /i.php

      /get.php

      /setup.php

      /setup.php

Targets

    • Target

      47b77a6c336379a17d981682c6da88d4db9fdbf9b8ce14409763fbe0579845cf.exe

    • Size

      2.3MB

    • MD5

      a39b44970fc7fa06264aa0847966f352

    • SHA1

      66719035f9fcf010830b24d73a0998df0f211a45

    • SHA256

      47b77a6c336379a17d981682c6da88d4db9fdbf9b8ce14409763fbe0579845cf

    • SHA512

      162cdd7fb0b1040cfa3f3ded90aeb98ea8ddec7b51bdad79c62794a5dd82782609796c1d7d3cc5828ce6ce99b02ad14f2537c88b53cefa6b0c6b36b9791d4874

    • SSDEEP

      49152:AGNjxMcyo1CFX5x7fcVq2b+Qp30Ys6soqD+XYCqwKQOsjQ3OOKt:dNjxu+eX5x7fcVq2h3m6soq6XYBwbOsV

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks