gcleaner | 0a051faf4e7d7ea0dd6ae963d3410d0ae2e75d7530ddd8370bc3f8ff0c053a23 | Triage

Submit
Reports

Overview

overview

Static

static

1

7a35812b11...95.exe

windows7-x64

7a35812b11...95.exe

windows10-2004-x64

Sharing

General

Target

7a35812b1174b2afd578cef81393fdedb925462ecead2c614ab19270d3717595.zip
Size

2.8MB
Sample

230310-m2sl6ada33
MD5

e31c6ae095c8eb1c38282ddd89d7b52e
SHA1

0b99c3c2e76e78de2df0a30cda7838c1180e8aff
SHA256

0a051faf4e7d7ea0dd6ae963d3410d0ae2e75d7530ddd8370bc3f8ff0c053a23
SHA512

b472c39190fc5873f112071d0ca603808afeb7dcc3ab118c4cbd88d46c2b309b9d041f923ef59176b5ea5615528237748ac1b77b46fed0392b34c918ce942626
SSDEEP

49152:7+kjNa33wqvjxtp0BCQg0RVv5flj8gxqpOJqtlrTwBy2kczCU153n/z3NJ:fjU33bb3qng0XvBlbUtGB5kcz715Xf

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

7a35812b1174b2afd578cef81393fdedb925462ecead2c614ab19270d3717595.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7a35812b1174b2afd578cef81393fdedb925462ecead2c614ab19270d3717595.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  7a35812b1174b2afd578cef81393fdedb925462ecead2c614ab19270d3717595.exe
- Size
  
  2.8MB
- MD5
  
  6283b21c8215230a7692ae5925d31240
- SHA1
  
  deed519a94857c0d6756a3e5cae06a7fa70fe681
- SHA256
  
  7a35812b1174b2afd578cef81393fdedb925462ecead2c614ab19270d3717595
- SHA512
  
  bac58018d0232c11486d36027af3b6745bba54c8f431ff6c38a63622e5ec568f6a4d4398d6ca2bd123f366b2222cfe8b4af1def3fd4275a3ba18fa42e1cca415
- SSDEEP
  
  49152:AGhc+hIxwJonPSr4/hyCLi2nrQg9a9CRDjmqhaxmP8ytbxSIIt1dIO7HawOKz:dO+hIxsUT+IdNhkYxIt1aO76wOKz
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy