MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9459c29cbd2a32118375f6476421a3df233c80c289a163793d560f8b7c693848. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GCleaner


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9459c29cbd2a32118375f6476421a3df233c80c289a163793d560f8b7c693848
SHA3-384 hash: 4dc36802e1c43c89909dd7fb702b3b615b74bb90f627b0a4eea095929e08e17453d3b2e47070b625ba886d8191ac8a8e
SHA1 hash: 1148dc1c9be32640b3ed740fc12eb6134bc78323
MD5 hash: b7823e17997deec7ed2340b74ead75de
humanhash: coffee-low-kansas-mike
File name:b7823e17997deec7ed2340b74ead75de.exe
Download: download sample
Signature GCleaner
Create hunting rule
File size:378'880 bytes
First seen:2021-05-24 17:54:16 UTC
Last seen:2021-05-24 18:01:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 804961db55ba5c190e654e6d23768444 (1 x Stop, 1 x RaccoonStealer, 1 x GCleaner)
ssdeep 6144:goUn0OWWtfqEJCVMCitwhMo5RwzwsDjm/QKKsjZJhi6MHiBH92FYkpv:goUn0OWWtfwgwh4csG4o7hiBHix4
Threatray 915 similar samples on MalwareBazaar
TLSH 6E84AE306792C035F0BB12B449B59378A53A7DE17B3481EF62C53AEE56316E1AC3178B
Reporter abuse_ch
Tags:exe gcleaner

Intelligence

File Origin
# of uploads :
2
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b7823e17997deec7ed2340b74ead75de.exe
Verdict:
Malicious activity
Analysis date:
2021-05-24 19:01:21 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/ed146657-d945-49d0-ae01-559c0d6d5e90

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Mal.GandCrypt-B.25057.7756.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
DNS request
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Searching for the window
Launching a tool to kill processes
Sending an HTTP GET request to an infection source
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/790719
Signature
Country aware sample found (crashes after keyboard check)
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9459c29cbd2a32118375f6476421a3df233c80c289a163793d560f8b7c693848/
Threat name:
Win32.Trojan.Azorult
Create hunting rule
Status:
Malicious
First seen:
2021-05-24 13:59:23 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
43eb032fa36ff0b40420df7d5fa121910ec02ba7ba03581a5a7188939ddc24ee
GCleaner
80f4e35d825fcd2816deb95b0a2694203238b769cbf6267dcca8d10d6e1394c4
GCleaner
9c8057521a53904ce86837434f6ca9075fea66d1c31914db6a6b49f68649191f
GCleaner
a17bb3e305532ac8e6dd2785ae50cf5f18a3de6a9ea2a4b75ea841b66ba94509
GCleaner
a5e79ae2f930e6ae8ba7057f14c5b96a7962c0720ddd040a655e59c8dae4b959
GCleaner
c5abf55b0591c96c64316cef1b7c5124f3b7ab3d05bc75ab80ae17c53d01dc72
GCleaner
d00184f7ae894b5bfd832771e9a920f9c399ba785e9a2f89382d499ec32e54a2
GCleaner
dab1943418275fa0a684702d291fa2fd693bebc19b99f7af9ad8dc3dd0a47cb5
GCleaner
e9da1da3a4fb2050b9b17f5dbb1dd5f334f22637fc8186052d152cc631839f9b
GCleaner
fb5d2b6d9ec1b9c07e64f6b9eb148099f0b43d58dc867102c02b16a9a9152022
GCleaner
+ 905 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210524-mjapzg4v7s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Enumerates physical storage devices
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9459c29cbd2a32118375f6476421a3df233c80c289a163793d560f8b7c693848

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GCleaner

Executable exe 9459c29cbd2a32118375f6476421a3df233c80c289a163793d560f8b7c693848

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1247592/
  
Delivery method
Distributed via web download

Comments