gcleaner | 8ad510484a77be11d0d5b91bd49f357957b930dec9d641ad14eb1b5edb6765a7 | Triage

Submit
Reports

Overview

overview

Static

static

1

80c23d3e20...ee.exe

windows7-x64

80c23d3e20...ee.exe

windows10-2004-x64

Sharing

General

Target

80c23d3e20447c98454bb10ff5408b0c3540d7ee52f8c8f0feaa42cc00a66eee.zip
Size

2.5MB
Sample

230308-qjlyfaeg6y
MD5

ed1f6f3b7b1db7653310688f803d6f54
SHA1

1a13d7be5f6552a25fdc0e2800c3d3941b7b8220
SHA256

8ad510484a77be11d0d5b91bd49f357957b930dec9d641ad14eb1b5edb6765a7
SHA512

85a9d28a9c4ea999569670b4a04eb0901c83501032f86906e6b8b86449671db59f8a80d5cd6018269f14441e33096d49b1a4a5088e459c36470568dc6a98a406
SSDEEP

49152:zFhSdOx2KT4+CeWOac6JxTjw0JbiJAdcs/FPRcrDWQrRl0QIi:jTxJT4mWOJoTjyw/BCyQrRl0Q

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

80c23d3e20447c98454bb10ff5408b0c3540d7ee52f8c8f0feaa42cc00a66eee.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

80c23d3e20447c98454bb10ff5408b0c3540d7ee52f8c8f0feaa42cc00a66eee.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  80c23d3e20447c98454bb10ff5408b0c3540d7ee52f8c8f0feaa42cc00a66eee.exe
- Size
  
  2.5MB
- MD5
  
  3494510d15f0d5cadd3627b296c37fbf
- SHA1
  
  c48e84e551874f5f801603e5b1614fac0c32862d
- SHA256
  
  80c23d3e20447c98454bb10ff5408b0c3540d7ee52f8c8f0feaa42cc00a66eee
- SHA512
  
  47ac6bbc45625e801ce9c0b15938043dd8886c4410c1da1e0061a9524539799f56d4fbacacd6e3137ab68dafdcf85185a8b28583b367afb098c45b3f809b6e4e
- SSDEEP
  
  49152:AGc47Uf4w29n2GPhRGWMk/7YMh3NDgVmaiTqT5TwiShT8OKz:dB4Zwhga/7xNDgmTqdwikT8OKz
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy