General

  • Target

    b05bc9e7e7817c9b3683610bf178e4450e9463014f4e754e247d12c01e95d758.bin

  • Size

    4.8MB

  • Sample

    250702-xzmm8s1ky6

  • MD5

    a7e17d17e5a105e7499ec59a626d6d5e

  • SHA1

    c6f9f3587ec5289c9b4ca85d2e9b11a4e9d887e1

  • SHA256

    b05bc9e7e7817c9b3683610bf178e4450e9463014f4e754e247d12c01e95d758

  • SHA512

    8daabac14cf47f4b781bb40379479a65c2d5ffc70761885603001b20686547eb65853554ef4ad88134640aa1b0b957164991ba520fd662e2133c370042e3e543

  • SSDEEP

    98304:wgnFuy3BwU5yL8/No/0B3AoYiPx40RMDF9ZW:wCw/MOMBwYPx40GP0

Malware Config

Extracted

Family

gcleaner

C2

45.91.200.135

Targets

    • GCleaner

      GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.

    • Gcleaner family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks