MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90218287a2349091c5221723b26ee73e101b51f5ef99dbaa23d8c19f83c58f91. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GCleaner

Vendor detections: 7

SHA256 hash: 90218287a2349091c5221723b26ee73e101b51f5ef99dbaa23d8c19f83c58f91
SHA3-384 hash: 0b3189ca8dc45ca8bc6fc0f9b10211997736334b27c7d8d46a9b137a81be36c8d898302473744d361f65da025ee9f340
SHA1 hash: c2539a41cd44cf10b57fccdba69d908951181268
MD5 hash: 598b7115d194a9d058b4b09288c583c4
humanhash: cat-summer-oscar-yellow
File name: 598b7115d194a9d058b4b09288c583c4.exe
Signature: GCleaner
File size: 316'928 bytes
First seen: 2021-08-28 06:48:24 UTC
Last seen: 2021-08-28 08:08:15 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ebf21d5f80ce6d78a1158dea28ff74e3 (3 x RaccoonStealer, 2 x RedLineStealer, 2 x Smoke Loader)
ssdeep: 6144:O/w4aKpzoKNJPiFCT5UfXxvTfiTzb2AR6VkLh2SLwKteWfIRo:0vJoAFb5IxvLEnp4VkZzsxo
Threatray: 3'215 similar samples on MalwareBazaar
TLSH: T15664AE30A790C036F5F722F859B68378B5297EB16B6090CF93D526EA17346E8AD30747
dhash icon: f1e8ccb6f4d8f18e (1 x GCleaner)
Reporter: abuse_ch
Tags: exe gcleaner

Intelligence

File Origin
# of uploads: 2
# of downloads: 220
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 598b7115d194a9d058b4b09288c583c4.exe
Verdict: Malicious activity
Analysis date: 2021-08-28 06:51:13 UTC
Tags: trojan

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Launching the default Windows debugger (dwwin.exe)
DNS request
Connection attempt
Sending an HTTP GET request
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Searching for the window
Sending a UDP request
Launching a tool to kill processes
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Sabsik
Status: Malicious
First seen: 2021-08-27 22:34:22 UTC
AV detection: 16 of 46 (34.78%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Deletes itself
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SHA256 hash: 4117351650847ddeb6daa6ea7380efaa29a3eb9189292e6b3948806795f63194
MD5 hash: 5f0412d9025704fb35eb22d15f7e377f
SHA1 hash: 70369ae356b7813bd0d23815e1338904ca2086ec
SHA256 hash: 90218287a2349091c5221723b26ee73e101b51f5ef99dbaa23d8c19f83c58f91
MD5 hash: 598b7115d194a9d058b4b09288c583c4
SHA1 hash: c2539a41cd44cf10b57fccdba69d908951181268

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments