MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0010d5a880d6a43d9c12023caaf380dc686179791be6ceaae0fa0075f86a294. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GCleaner


Vendor detections: 14


Intelligence 14 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c0010d5a880d6a43d9c12023caaf380dc686179791be6ceaae0fa0075f86a294
SHA3-384 hash: 6181d9b813a75aa45ea560d2d51daa126f46a102972f581d087f4d5479c657c1c1c81a56117fe1b39ccb0a590757d89d
SHA1 hash: 5777ba4e01e9511185db1478b231e9d875fd6e86
MD5 hash: fbc5ff187eba86a2d5ebd318c6200e49
humanhash: edward-football-jersey-utah
File name:fbc5ff187eba86a2d5ebd318c6200e49.exe
Download: download sample
Signature GCleaner
Create hunting rule
File size:316'416 bytes
First seen:2023-06-20 06:48:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c1947b9846baf229e0c776cadd6d408b (4 x GCleaner, 1 x RecordBreaker, 1 x ArkeiStealer)
ssdeep 6144:LJjyVOd1upxO7H+iL0tM6f1MwXNYZ7IQjgOGgNYPsFWp:L5Pdsme1tNJ98BcPqK9p
Threatray 202 similar samples on MalwareBazaar
TLSH T16264CF2366907C30D92E9A73CE2EC6E4769EF9508F197BA722385F1F09B11B1C1B2355
TrID 52.5% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
17.7% (.EXE) Win64 Executable (generic) (10523/12/4)
8.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.5% (.EXE) Win32 Executable (generic) (4505/5/1)
3.4% (.ICL) Windows Icons Library (generic) (2059/9)
File icon (PE):PE icon
dhash icon d4f4e8e0e0e0c848 (1 x GCleaner)
Reporter abuse_ch
Tags:exe gcleaner

Intelligence

File Origin
# of uploads :
1
# of downloads :
265
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fbc5ff187eba86a2d5ebd318c6200e49.exe
Verdict:
Malicious activity
Analysis date:
2023-06-20 07:24:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/21228d4f-74af-4307-a2ed-818731d322ec

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Nymaim
Create hunting rule
Link:
https://www.capesandbox.com/analysis/400873/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.67625563.25438.30630.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
DNS request
Sending an HTTP GET request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/64914bde024b6169b0eb196b/reports/39b25668-f277-4c0d-bf49-35e8c189243d/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/c0010d5a880d6a43d9c12023caaf380dc686179791be6ceaae0fa0075f86a294
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a1adea4c-eed2-4a01-8a3e-66e1299f7b20
Result
Threat name:
Nymaim
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/1258054
Signature
C2 URLs / IPs found in malware configuration
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Nymaim
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c0010d5a880d6a43d9c12023caaf380dc686179791be6ceaae0fa0075f86a294/
Threat name:
Win32.Trojan.CrypterX
Create hunting rule
Status:
Malicious
First seen:
2023-06-19 16:10:37 UTC
File Type:
PE (Exe)
Extracted files:
34
AV detection:
13 of 37 (35.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=yaaq2wuibvvehwobear4vlzybxdimf4xsg7gz2vob6qaox4gukka._file
Verdict:
malicious
Similar samples:
3112968176d3ff222e088f73201a2499c60b5fed2b7529d769717fc60c3d6345
GCleaner
37f76018264bccc9fc48df733f90f737aa2152693fec4667bd9eed26b2538290
GCleaner
63a9c63d504d9b57650f8a21c6211ba7995287f4bee3297833194501deebdef5
GCleaner
7618c4f3710d5fe1291571206d83e391b2fa3ed555f031327463c3c80b4bfaf2
GCleaner
b16e20de16060f3a4d5f0e4fb0248e9f7522c5b4f0e83b62ca5c91f65e847d30
GCleaner
bdf041383a0d74070378d1b5bc8e9b695c7b48063936887f64897df3d5aea049
GCleaner
e29ff3b2a901941f9b51de181a18a7730e01fbab155392d8c319002a88a116f5
GCleaner
e2fd6562b8e27e431dd4c4a6ea13acf38679b93781e419de28a34981c4d94e17
GCleaner
f575b96dd642a57556c72211a7936b43598fb61a626fe41f5441e59fa2846b15
GCleaner
fe93b9a0c817fc6da2acfc2d37809eda1f5474a08219e5503d9666671f1faf2e
GCleaner
+ 192 additional samples on MalwareBazaar
Result
Malware family:
gcleaner
Create hunting rule
Score:
  10/10
Tags:
family:gcleaner loader
Link:
https://tria.ge/reports/230620-hlb71sbg2s/
Behaviour
Program crash
Downloads MZ/PE file
GCleaner
Malware Config
C2 Extraction:
45.12.253.56
45.12.253.72
45.12.253.98
45.12.253.75
Unpacked files
SH256 hash:
9c48fc86401d4274232e2e061629eac2d7689d7db12d2e7ea1cf6a33d1ba84c2
MD5 hash:
8f4d4dc240b385e35bf6788dbeb8369d
SHA1 hash:
a5aff70276571b384d24f915e6c61d056195cefc
Detections:
Nymaim
Create hunting rule
win_nymaim_g0
Create hunting rule
win_gcleaner_w0
Create hunting rule
win_gcleaner_auto
Create hunting rule
Link:
https://www.unpac.me/results/4510cd71-62a1-4838-8b85-79ab58b72f64/
SH256 hash:
c0010d5a880d6a43d9c12023caaf380dc686179791be6ceaae0fa0075f86a294
MD5 hash:
fbc5ff187eba86a2d5ebd318c6200e49
SHA1 hash:
5777ba4e01e9511185db1478b231e9d875fd6e86
Link:
https://www.unpac.me/results/4510cd71-62a1-4838-8b85-79ab58b72f64/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c0010d5a880d6a43d9c12023caaf380dc686179791be6ceaae0fa0075f86a294

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GCleaner

Executable exe c0010d5a880d6a43d9c12023caaf380dc686179791be6ceaae0fa0075f86a294

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2642461/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/400873/

Comments