Overview

overview

10

Static

static

3

b7b0dea775...63.exe

windows7-x64

10

b7b0dea775...63.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_659e272606eab0f6f28688e3e6993b640261fbfe1091a3cc3a8252d30b6568ff

  • Size

    2.4MB

  • Sample

    241229-qfmessslds

  • MD5

    c8f22c094b355c142fe4ffc3b06baeec

  • SHA1

    df949c25ad0d033b8cfe3bdd644349bed870668f

  • SHA256

    659e272606eab0f6f28688e3e6993b640261fbfe1091a3cc3a8252d30b6568ff

  • SHA512

    0a347c7780214ade0686d8234a9f01572fe7b3998da2aa899d116cb125d8b0d448b8c9aad2e86d0602f135e97f63a3b299a617288d206033f81eae707c85a3e7

  • SSDEEP

    49152:oIFJ3BE32ZiT9heIcyDPsxYlY59UVqSHls0DTfKb732ONuF:oKBE3siT7jcyDPCYlYQ5KbrdIF

Score
10/10
gcleanerdiscoveryloader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

    • Target

      b7b0dea77586bf700a6805164cebd665eefb9099e9d2181f2640a73b5190a563

    • Size

      2.5MB

    • MD5

      1bb4a3c2d8bd4afb972a0b107afd3ace

    • SHA1

      7a3a4deedbe7d2e564f2d83151c5518657126d30

    • SHA256

      b7b0dea77586bf700a6805164cebd665eefb9099e9d2181f2640a73b5190a563

    • SHA512

      5fd499cc0aff241f0b93bd6ee88d4207846d488f11450982f76f4559b3791a33c3149b099e2935032c769dcf5580aa51f5572a03172865f73638142adcfc66cf

    • SSDEEP

      49152:Z2sFfpB+r41Yd9JwIeyVPwxE3IJzojUYxlm0jXf0dvliA5hq:McB+rcYd3teyVPOE3I6t0d9ZDq

    Score
    10/10
    gcleanerdiscoveryloader

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

      loadergcleaner

    • Gcleaner family

      gcleaner

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks