c3897cae08e39f70508d372e8e60b99da4490ae09139da8199a5ba70ab254725 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

CCleaner64.exe

windows10-2004-x64

6

Sharing

General

Target

CCleaner64.exe
Size

43.8MB
Sample

250401-s74t9stpt3
MD5

f116a86b8e6235cc551f30e1559d8d1d
SHA1

0f5fd9e2d38068d58c222b6a78a7171a419e0575
SHA256

c3897cae08e39f70508d372e8e60b99da4490ae09139da8199a5ba70ab254725
SHA512

14293608ec71b50ab875421cd3cb37006957e03aae54c95131a6c212f95e11fb3120a9024e99ad9dce9d3e6feffe9e98fac6bc80cb3a6bd3cc971ccd4485c0a0
SSDEEP

393216:qWtZTh5KxtGKB29mUXV+OJzZU59yx2i57CszyrQxZh6V4/rqNwp3JP+R4XjXhSpK:qWDh5K2n57rqQoiJP+R4zXs1K

Score

6^/10

bootkit discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

CCleaner64.exe

Resource

win10v2004-20250314-en

bootkit discovery persistence spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  CCleaner64.exe
- Size
  
  43.8MB
- MD5
  
  f116a86b8e6235cc551f30e1559d8d1d
- SHA1
  
  0f5fd9e2d38068d58c222b6a78a7171a419e0575
- SHA256
  
  c3897cae08e39f70508d372e8e60b99da4490ae09139da8199a5ba70ab254725
- SHA512
  
  14293608ec71b50ab875421cd3cb37006957e03aae54c95131a6c212f95e11fb3120a9024e99ad9dce9d3e6feffe9e98fac6bc80cb3a6bd3cc971ccd4485c0a0
- SSDEEP
  
  393216:qWtZTh5KxtGKB29mUXV+OJzZU59yx2i57CszyrQxZh6V4/rqNwp3JP+R4XjXhSpK:qWDh5K2n57rqQoiJP+R4zXs1K
Score

6^/10

bootkit discovery persistence spyware stealer
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistencespywarestealer

© 2018-2025

Terms | Privacy