General

  • Target

    157231a3aa9626e8dbf5c8a4d29d7658f213116b4e68d00d331eb7415e306056N.exe

  • Size

    1.9MB

  • Sample

    250121-ftdppsxqew

  • MD5

    7faf086c54af2f40486165e735ad4490

  • SHA1

    500022daa48cf6d34ad14dc851de2bb27317d009

  • SHA256

    157231a3aa9626e8dbf5c8a4d29d7658f213116b4e68d00d331eb7415e306056

  • SHA512

    12edeadb77efcd02d54a687441e9940037cd51214d501c64938333f15bfc58834028829b1bbe421198790069e56ce89f86069534b745019853e2069ecb73c88e

  • SSDEEP

    49152:dGwFJ+KLcqz5AQAstVprJyp+9uiYovdyVJGb4qf:4wFJpnnzkhi3Jb4qf

Malware Config

Extracted

Family

gcleaner

C2

62.197.136.41

91.241.19.194

62.197.136.196

Attributes
  • url_path

    /i.php

    /get.php

    /setup.php

    /setup.php
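The C2 addresses and URL paths above are the report's extracted configuration. As an added example (not part of this report or of any tooling it describes), the script below turns them into a simple proxy-log match: a hit on one of the three IPs is an alert, and a request to one of the listed paths on that IP raises the severity. The path set is deliberately never matched on its own, since /get.php and /setup.php exist on countless legitimate hosts. The log lines are constructed for illustration and the field layout is an assumption; adapt the regex to your proxy's format.

```python
import re
from urllib.parse import urlsplit

# C2 addresses and URL paths exactly as extracted in the config above.
GCLEANER_C2 = {"62.197.136.41", "91.241.19.194", "62.197.136.196"}
GCLEANER_PATHS = {"/i.php", "/get.php", "/setup.php"}

# Constructed proxy-log lines (not real traffic) in a simplified
# "timestamp client method url status" shape; the layout is an assumption.
SAMPLE_LOG = """\
2025-01-21T10:02:11Z 10.0.0.15 GET http://62.197.136.41/setup.php 200
2025-01-21T10:02:13Z 10.0.0.15 GET http://62.197.136.41/get.php?id=1 200
2025-01-21T10:03:40Z 10.0.0.22 GET http://example.com/get.php 200
2025-01-21T10:05:02Z 10.0.0.31 POST http://91.241.19.194/i.php 200
2025-01-21T10:06:00Z 10.0.0.15 GET http://62.197.136.196/index.html 404
2025-01-21T10:06:30Z 10.0.0.40 GET https://10.0.0.5/setup.php 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$"
)


def classify(line):
    """Return a hit dict for a line that reaches a GCleaner C2, else None.

    The IP is the anchor: a path alone never fires, because generic PHP
    endpoints are everywhere; a listed path on a listed IP is rated high.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    url = urlsplit(m.group("url"))
    host = (url.hostname or "").lower()
    if host not in GCLEANER_C2:
        return None
    path = url.path or "/"
    return {
        "ts": m.group("ts"),
        "client": m.group("client"),
        "host": host,
        "path": path,
        "severity": "high" if path in GCLEANER_PATHS else "medium",
    }


def scan(log_text):
    """Scan a log and return (hits in log order, per-client summary)."""
    hits = [h for h in map(classify, log_text.splitlines()) if h]
    clients = {}
    for h in hits:
        c = clients.setdefault(h["client"], {"hosts": set(), "max": "medium"})
        c["hosts"].add(h["host"])
        if h["severity"] == "high":
            c["max"] = "high"
    return hits, clients


if __name__ == "__main__":
    hits, clients = scan(SAMPLE_LOG)
    for h in hits:
        print(f"{h['severity']:6} {h['ts']} {h['client']} -> {h['host']}{h['path']}")
    for client, c in clients.items():
        print(f"{client}: {c['max']} severity, C2 hosts {sorted(c['hosts'])}")
```

On the constructed log this reports four hits: three high (10.0.0.15 to /setup.php and /get.php on 62.197.136.41, 10.0.0.31 to /i.php on 91.241.19.194) and one medium (10.0.0.15 fetching an unlisted path from 62.197.136.196). The internal host serving /setup.php and example.com serving /get.php are ignored, which is the point of anchoring on the IP.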

Targets

    • Target

      157231a3aa9626e8dbf5c8a4d29d7658f213116b4e68d00d331eb7415e306056N.exe

    • Size

      1.9MB

    • MD5

      7faf086c54af2f40486165e735ad4490

    • SHA1

      500022daa48cf6d34ad14dc851de2bb27317d009

    • SHA256

      157231a3aa9626e8dbf5c8a4d29d7658f213116b4e68d00d331eb7415e306056

    • SHA512

      12edeadb77efcd02d54a687441e9940037cd51214d501c64938333f15bfc58834028829b1bbe421198790069e56ce89f86069534b745019853e2069ecb73c88e

    • SSDEEP

      49152:dGwFJ+KLcqz5AQAstVprJyp+9uiYovdyVJGb4qf:4wFJpnnzkhi3Jb4qf

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Reads entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
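The "Checks installed software" signature above is a sandbox observation; on an endpoint the same behaviour can be seen in Windows Security auditing once the "Audit Registry" subcategory is enabled and a SACL is set on the Uninstall key, which makes each key access a 4663 record with the object name, process name and access mask. The script below, an added example and not part of this report or any vendor tooling, summarises such records per process and flags a process that enumerated the Uninstall key or queried several product entries, while ignoring an installer that only touches its own entry. The events are constructed for illustration in a pipe-delimited shape (EventID|ObjectType|ObjectName|ProcessName|AccessMask); that layout, the sample.exe name standing in for the report's target, and the allowlist are assumptions.

```python
import re
from collections import defaultdict

# Registry access-mask bits from winnt.h.
KEY_QUERY_VALUE = 0x0001
KEY_ENUMERATE_SUB_KEYS = 0x0008

# Kernel-form path of the Uninstall key in the machine hive, its WOW6432Node
# view and per-user hives; "rest" captures whatever lies beneath it.
UNINSTALL_RE = re.compile(
    r"^\\REGISTRY\\(?:MACHINE|USER\\[^\\]+)\\SOFTWARE\\(?:WOW6432NODE\\)?"
    r"MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL(?:\\(?P<rest>.+))?$",
    re.IGNORECASE,
)

# Processes expected to read this key routinely (assumption: tune per estate).
ALLOWLIST = {r"c:\windows\system32\msiexec.exe"}

# Constructed sample events (not real audit output). sample.exe stands in for
# the report's target; the GUID and product names are placeholders.
SAMPLE = r"""
4663|Key|\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|C:\Users\user\AppData\Local\Temp\sample.exe|0x8
4663|Key|\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-1111-2222-3333-444444444444}|C:\Users\user\AppData\Local\Temp\sample.exe|0x1
4663|Key|\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox|C:\Users\user\AppData\Local\Temp\sample.exe|0x1
4663|Key|\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VMware Tools|C:\Users\user\AppData\Local\Temp\sample.exe|0x1
4663|Key|\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-1111-2222-3333-444444444444}|C:\Windows\System32\msiexec.exe|0x1
4663|Key|\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|C:\Windows\System32\notepad.exe|0x1
4663|Key|\REGISTRY\USER\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleSetup|C:\Users\user\Downloads\ExampleSetup.exe|0x1
4656|Key|\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|C:\Windows\explorer.exe|0x8
"""


def parse_event(line):
    """Return (process, subpath-or-None, mask) for a 4663 access to the
    Uninstall key, else None. 4656 is only a handle request, so it is skipped."""
    parts = line.split("|")
    if len(parts) != 5 or parts[0] != "4663" or parts[1] != "Key":
        return None
    m = UNINSTALL_RE.match(parts[2])
    if not m:
        return None
    return parts[3].lower(), m.group("rest"), int(parts[4], 16)


def summarize(log_text):
    """Per process: whether it enumerated the key root, and which product
    subkeys it queried (first path component beneath Uninstall)."""
    summary = defaultdict(lambda: {"enumerated": False, "subkeys": set()})
    for line in log_text.strip().splitlines():
        parsed = parse_event(line)
        if parsed is None:
            continue
        proc, rest, mask = parsed
        if proc in ALLOWLIST:
            continue
        entry = summary[proc]
        if rest is None and mask & KEY_ENUMERATE_SUB_KEYS:
            entry["enumerated"] = True
        elif rest is not None and mask & (KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS):
            entry["subkeys"].add(rest.split("\\")[0])
    return dict(summary)


def suspicious(summary, min_subkeys=3):
    """Processes that swept the key: listed its children and read at least
    one, or read several product entries. One entry (an installer checking
    its own) stays below the bar."""
    return sorted(
        proc for proc, e in summary.items()
        if (e["enumerated"] and e["subkeys"]) or len(e["subkeys"]) >= min_subkeys
    )


if __name__ == "__main__":
    s = summarize(SAMPLE)
    for proc in suspicious(s):
        print(f"{proc}: enumerated={s[proc]['enumerated']} subkeys={sorted(s[proc]['subkeys'])}")
```

On the constructed events only sample.exe is flagged: it enumerated the key root and read three product entries across both registry views. msiexec.exe is allowlisted, notepad.exe touched a different key, ExampleSetup.exe read a single entry, and explorer.exe only appears in a 4656 handle request.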

MITRE ATT&CK Enterprise v15

Tasks