gcleaner | 9f484b215311ba5c090332654cadb00929da7c39e06cda9b6faa7ee1c3c99221 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

2.1MB
Sample

230201-qjc1jage8y
MD5

cad029777fef3d7957a55990aab0e7e1
SHA1

19f5e8b4a6cd5cc66ee6fb9e7bd9b18cadf582da
SHA256

9f484b215311ba5c090332654cadb00929da7c39e06cda9b6faa7ee1c3c99221
SHA512

44db165b4b1aa8e6b856a256a4d4e167ef9702b8429abab15e3251b5a6ab947b3e6c2858b9ffb9cc2ae7d55cda8444808a564df8945b706d4773a1f8b8ea384a
SSDEEP

49152:icPLnQDtfb4gr955j2oJmKD98B5jsHxakh2ewmOoLCgv2MR:XPLnQhfb4ml1PDeBC2ewmOgv2MR

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20221111-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20221111-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  file.exe
- Size
  
  2.1MB
- MD5
  
  cad029777fef3d7957a55990aab0e7e1
- SHA1
  
  19f5e8b4a6cd5cc66ee6fb9e7bd9b18cadf582da
- SHA256
  
  9f484b215311ba5c090332654cadb00929da7c39e06cda9b6faa7ee1c3c99221
- SHA512
  
  44db165b4b1aa8e6b856a256a4d4e167ef9702b8429abab15e3251b5a6ab947b3e6c2858b9ffb9cc2ae7d55cda8444808a564df8945b706d4773a1f8b8ea384a
- SSDEEP
  
  49152:icPLnQDtfb4gr955j2oJmKD98B5jsHxakh2ewmOoLCgv2MR:XPLnQhfb4ml1PDeBC2ewmOgv2MR
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy