MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fba70cac321a434f3eb509f38e80919a6e43c86e964737f91ad416bec297933. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GCleaner


Vendor detections: 9


Intelligence 9 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3fba70cac321a434f3eb509f38e80919a6e43c86e964737f91ad416bec297933
SHA3-384 hash: a70b2e2cf8f1fdf54416ad2376990fd46c894c1f46b360d0dbeb2cbaa026bf9db387529e176032a9d3f7f3faefc2518f
SHA1 hash: d1a9f577d7808a399e1226fd88984ef4e107ae50
MD5 hash: 2c2b18b625f46b2c92b1df8c7a0634e5
humanhash: fourteen-blossom-lima-network
File name:2C2B18B625F46B2C92B1DF8C7A0634E5.exe
Download: download sample
Signature GCleaner
Create hunting rule
File size:332'800 bytes
First seen:2021-08-08 16:25:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9f6e89a1c9887d95e8374b4cda8a71c7 (1 x GCleaner)
ssdeep 6144:w63+o2J9uflgvvBASV0F3jPZpW+3Ttu+/LKUZrNVfs8V:1+o2PuflYASKFztuIN2
Threatray 2'825 similar samples on MalwareBazaar
TLSH T17C64E021FE80C072C063063044A2EBA56679AC612B65C7077764376F9EF32E16676F7E
dhash icon 8eb1e8ceb6f6dcf9 (1 x GCleaner)
Reporter abuse_ch
Tags:exe gcleaner


Avatar
abuse_ch
GCleaner C2:
http://gc-prtnrs.top/decision.php

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
http://gc-prtnrs.top/decision.php https://threatfox.abuse.ch/ioc/166045/

Intelligence

File Origin
# of uploads :
1
# of downloads :
178
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
2C2B18B625F46B2C92B1DF8C7A0634E5.exe
Verdict:
Malicious activity
Analysis date:
2021-08-08 16:33:55 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/e2b9f750-a877-492a-a24b-594996d84ca9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Gcleaner
Create hunting rule
Link:
https://www.capesandbox.com/analysis/177270/
Detection(s):
Win.Malware.Filerepmetagen-9883511-0
Create hunting rule

Win.Dropper.Chapak-9883520-0
Create hunting rule

Win.Packed.Generic-9883705-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
DNS request
Connection attempt
Sending an HTTP GET request
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Searching for the window
Sending a UDP request
Launching a tool to kill processes
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
GandCrab
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d31653f0-3aab-47aa-989c-33ac6c46a51e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/828852
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3fba70cac321a434f3eb509f38e80919a6e43c86e964737f91ad416bec297933/
Threat name:
Win32.Trojan.MintTitirez
Create hunting rule
Status:
Malicious
First seen:
2021-08-06 03:12:00 UTC
AV detection:
25 of 28 (89.29%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
4df50c6d6d188c3413bdba53851cbeea7b281b92b0d5341c021a65912395fa5b
GCleaner
6c79c3b549bdea13526f1365ad2253f6385531606362cc29d9dea172cd9d50cb
GCleaner
720713c32ba0f95e8d088a31e4bac9aa2f4c809e11129969292203a69a94b50e
GCleaner
8947301e85623e30300e9094eb2dad7f325660419362c223dba601de5bd9e3c4
GCleaner
a90bc226fcaf18a89bad9b0a1a57085ecd055b726b67e3a3964d7da03d244007
GCleaner
afd7ef4fbd203f40d15f8ec694b66fb9054b5278ac3b07d7687587b60ff03f25
GCleaner
b8338eda2c7390860da3bd4a37104b409235131406d9b4d30a78b5d4189cf317
GCleaner
c49db28c90989f14866faa6781fc5e6531c8a63d3c3f3d245b4c4d752ce5ebf0
GCleaner
f211d8be8001df12bba948be8bdb8db9c938a518052a50d358d02a04396c2dd5
GCleaner
+ 2'815 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
suricata
Link:
https://tria.ge/reports/210808-n5j564z71s/
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
suricata: ET MALWARE GCleaner Downloader Activity M1
Unpacked files
SH256 hash:
3b309236695517c2e06ff8af3f5c073e1b8e8c99768f5141f4cf9e704050dfdb
MD5 hash:
048d3824dae9ba8c0b48a841c56f2e24
SHA1 hash:
8da82b6a497c97a5512009ef57b4d25f77c57dc1
Link:
https://www.unpac.me/results/7c7d2b81-6551-47a5-8a06-4f2432206af3/
SH256 hash:
3fba70cac321a434f3eb509f38e80919a6e43c86e964737f91ad416bec297933
MD5 hash:
2c2b18b625f46b2c92b1df8c7a0634e5
SHA1 hash:
d1a9f577d7808a399e1226fd88984ef4e107ae50
Link:
https://www.unpac.me/results/7c7d2b81-6551-47a5-8a06-4f2432206af3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3fba70cac321a434f3eb509f38e80919a6e43c86e964737f91ad416bec297933

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/177270/

Comments