General

  • Target

    104b243e6d357c53fce21ccdf2470ea65b75911babe5bb7bf3a546dab093982eN.exe

  • Size

    299KB

  • Sample

    250111-m7y15axnds

  • MD5

    54087ff4efa0337a92411edfd219f270

  • SHA1

    463c1b9673b3acc3b8ed899d3cdf0cf820955e27

  • SHA256

    104b243e6d357c53fce21ccdf2470ea65b75911babe5bb7bf3a546dab093982e

  • SHA512

    dcc18c5722a2fdd55859373cc6e0c0c3825ef43a803c606fd349e6121578a8e5ad55a0a0c099ed7672f29cb34227523ca690a37a296202d5e625f8e52f0aa551

  • SSDEEP

    6144:UlrLHGvicYHCATJfvoD9oD1F4mhko0eanbDiljjJIPTgsl:UpCvirlTxoy4O903nbDCj8vl

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Attributes

  • url_path

    ....!..../software.php

    ....!..../software.php

Targets

    • Target

      104b243e6d357c53fce21ccdf2470ea65b75911babe5bb7bf3a546dab093982eN.exe

    • Size

      299KB

    • MD5

      54087ff4efa0337a92411edfd219f270

    • SHA1

      463c1b9673b3acc3b8ed899d3cdf0cf820955e27

    • SHA256

      104b243e6d357c53fce21ccdf2470ea65b75911babe5bb7bf3a546dab093982e

    • SHA512

      dcc18c5722a2fdd55859373cc6e0c0c3825ef43a803c606fd349e6121578a8e5ad55a0a0c099ed7672f29cb34227523ca690a37a296202d5e625f8e52f0aa551

    • SSDEEP

      6144:UlrLHGvicYHCATJfvoD9oD1F4mhko0eanbDiljjJIPTgsl:UpCvirlTxoy4O903nbDCj8vl

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

MITRE ATT&CK Enterprise v15

Tasks