General

  • Target

    JaffaCakes118_5c62e8a6c5136c4a245b99a55be41debd4de7b4639a38d9b771504698a3f76f5

  • Size

    2.4MB

  • Sample

    241225-vz466szrcj

  • MD5

    91577b685f617641e0742ebf5fcf380a

  • SHA1

    190dcc61579b6ee3e25249d068d2b142646acd11

  • SHA256

    5c62e8a6c5136c4a245b99a55be41debd4de7b4639a38d9b771504698a3f76f5

  • SHA512

    0f58240d9756337802092d9cd3f8ba8ef362a0839e9450b4e61bf36d85b203399ac6d674d4e8d23fa2664ee4c663608d3563b884e75ce51c4c282e044752c4a2

  • SSDEEP

    49152:jDis2OuAVF5odcOgo9I/lu+viKOPIwYmjRN/c0x776TAom39mHMMbCxAS:jDiDO9VFih9INfs9Y4RJc0x7slKxM2OS

Malware Config

Extracted

  • Family

    gcleaner

  • C2

    45.15.156.54
    85.31.46.167
    107.182.129.235
    171.22.30.106

Targets

    • Target

      c299ab6dba225dab89bb803033fe4a475a1c36a8cc0d26177342c5936dba4b1a

    • Size

      2.4MB

    • MD5

      f04d59eaa535e1d128959c1ebcefbec5

    • SHA1

      ac71ca1b1482764b23acd599076411decdfefac0

    • SHA256

      c299ab6dba225dab89bb803033fe4a475a1c36a8cc0d26177342c5936dba4b1a

    • SHA512

      289454b15098487ca0614c474244974297c2653d706b6885bae662389eaf9c83670d46be74d361589451d30e9f6a84b7e922946fa4d44656c0c1c2b1a188c2f8

    • SSDEEP

      49152:Z2EZ/wsqGuYVr5ofuaIo9YBlS+10KiHqwOsjRz/cqxjD6TcY+vLmvMMfA5hq:M6/w5GRVra39YvDcfOqRbcqxjU3U/MoW

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
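As an added example (not part of the sandbox report and not GCleaner analysis tooling), the following Python script turns the indicators above into a small detection pass over constructed, key=value style telemetry lines: it flags connections to the extracted C2 addresses, files whose MD5 or SHA256 matches the sample or its dropped target, and registry reads under the CurrentVersion\Uninstall key that the "Checks installed software on the system" signature describes. The log format and field names (event, dst_ip, sha256, md5, target) are assumptions chosen for the example, not any product's schema.

```python
"""IOC matcher built from the GCleaner report above (added example).

The event lines and their field names are constructed for this example;
the C2 addresses and hashes are the ones listed in the report.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# C2 addresses extracted from the sample's configuration (from the report).
C2_IPS = {
    "45.15.156.54",
    "85.31.46.167",
    "107.182.129.235",
    "171.22.30.106",
}

# File hashes listed in the report (the submitted sample and the dropped target).
KNOWN_HASHES = {
    "md5": {
        "91577b685f617641e0742ebf5fcf380a",
        "f04d59eaa535e1d128959c1ebcefbec5",
    },
    "sha256": {
        "5c62e8a6c5136c4a245b99a55be41debd4de7b4639a38d9b771504698a3f76f5",
        "c299ab6dba225dab89bb803033fe4a475a1c36a8cc0d26177342c5936dba4b1a",
    },
}

# Registry path read by the "Checks installed software" behaviour.
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)

# key=value or key="quoted value" pairs (assumed log format).
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value line into a dict; quoted values may contain spaces."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in _KV_RE.finditer(line)}


def match_event(ev: Dict[str, str]) -> List[str]:
    """Return the list of reasons an event matches the report's indicators."""
    reasons: List[str] = []
    ip = ev.get("dst_ip")
    if ip:
        try:
            ipaddress.ip_address(ip)  # ignore malformed addresses instead of matching on them
        except ValueError:
            pass
        else:
            if ip in C2_IPS:
                reasons.append(f"c2_ip:{ip}")
    for algo, known in KNOWN_HASHES.items():
        digest = ev.get(algo, "").lower()  # hashes are compared case-insensitively
        if digest in known:
            reasons.append(f"{algo}:{digest}")
    if ev.get("event", "").lower().startswith("registry") and UNINSTALL_KEY_RE.search(ev.get("target", "")):
        reasons.append("uninstall_key_enum")
    return reasons


def scan(lines) -> List[Tuple[int, str, List[str]]]:
    """Scan event lines; return (line number, event type, reasons) for each hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        reasons = match_event(ev)
        if reasons:
            hits.append((n, ev.get("event", "?"), reasons))
    return hits


# Constructed telemetry for the example; 203.0.113.5 is a documentation address.
SAMPLE_LOG = [
    'event=NetworkConnect pid=4120 image="C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe" dst_ip=45.15.156.54 dst_port=80',
    'event=NetworkConnect pid=900 image="C:\\Windows\\System32\\svchost.exe" dst_ip=203.0.113.5 dst_port=443',
    'event=RegistryQuery pid=4120 target="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++"',
    'event=RegistryQuery pid=4120 target="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"',
    'event=FileCreate pid=4120 path="C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe" sha256=C299AB6DBA225DAB89BB803033FE4A475A1C36A8CC0D26177342C5936DBA4B1A',
    'event=NetworkConnect pid=4120 dst_ip=not-an-ip dst_port=80',
]

if __name__ == "__main__":
    for n, kind, reasons in scan(SAMPLE_LOG):
        print(f"line {n}: {kind} -> {', '.join(reasons)}")
```

Two caveats when using this operationally: the C2 addresses are a snapshot from one sandbox run and loader infrastructure rotates, so treat them as time-bound indicators rather than permanent blocks; and legitimate installers and inventory agents also read the Uninstall key, so the `uninstall_key_enum` reason is corroborating context for a process that also matches a hash or a C2 address, not a stand-alone alert.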

MITRE ATT&CK Enterprise v15

Tasks