General

  • Target: 0f21fe00bbf2ccfd6e6661c37799f3780486e45ea8283a7f017103ff4ff0e97bN.exe
  • Size: 1.7MB
  • Sample: 250112-ecp6qsvncv
  • MD5: 15ed058c6dc73fbc3e017a3005fc6be0
  • SHA1: dd9156d84e989b0631f55948851c62ebc7154f9b
  • SHA256: 0f21fe00bbf2ccfd6e6661c37799f3780486e45ea8283a7f017103ff4ff0e97b
  • SHA512: f217bac644bb8fd2a6ba21cc4112fc050fc900d4c3c21997516a6a497ed36e021e3746da72585a44a2aa3bbe57ffc964c71512b3166c6326f045b7d4334c4522
  • SSDEEP: 49152:Z2u3AV81h8tsLiYNZ7i6S5M2MRDiYBtA5hq:MHCsYKdK2MRsDq

Malware Config

Extracted

  • Family: gcleaner
  • C2:
    45.139.105.39
    37.139.129.24
    45.139.105.66
    45.139.105.188
  • Attributes
    • url_path:
      /get.php
      /setup.php

Targets

    • GCleaner: GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
    • Gcleaner family
    • Executes dropped EXE
    • Loads dropped DLL
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15