gcleaner | fa8df4867648ad6b278f5992cc2d101e918e01f36ba3cbde76cbd4484cb835cf | Triage

Submit
Reports

Overview

overview

Static

static

1

49e393dd84...9f.exe

windows7-x64

49e393dd84...9f.exe

windows10-2004-x64

Sharing

General

Target

49e393dd8488e547422062ebb1d6f81a0e25597b91961227c38756f0f36f189f.zip
Size

2.9MB
Sample

230310-njkdhadc68
MD5

480bda78ab9272710670ebbd55d2f1c5
SHA1

3f3bf5473c32d4446c8938ba6953c083e771c235
SHA256

fa8df4867648ad6b278f5992cc2d101e918e01f36ba3cbde76cbd4484cb835cf
SHA512

f5169f03fcf47a331ee207addce24d70c4935e6737da4f976eb171d726966e22b8567897052637d94331b22272c4eed419e6d9d0467adf6730504c2120df014b
SSDEEP

49152:IWF2h4K+Sx3eu5KRr29RUhsNNvqlNCcuKUpzaKZvRCRHlFjUTdxOaX7GDGOa5mP:hF2h4J/EGSBfpHRQHlFoTSEoBnP

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

49e393dd8488e547422062ebb1d6f81a0e25597b91961227c38756f0f36f189f.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

49e393dd8488e547422062ebb1d6f81a0e25597b91961227c38756f0f36f189f.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  49e393dd8488e547422062ebb1d6f81a0e25597b91961227c38756f0f36f189f.exe
- Size
  
  2.9MB
- MD5
  
  20937cee5e94b5848b1f1c845b5a6961
- SHA1
  
  8046f6136a62bd05b9cf2c443d0be3ab14e7c8e2
- SHA256
  
  49e393dd8488e547422062ebb1d6f81a0e25597b91961227c38756f0f36f189f
- SHA512
  
  199f78bfca7fdf848e13873deeb8026ac3e2eeb77bf6d3b52393e787932942d649c92de4fcdeb9d0890c55f175735faa4416c4c00cc5b9014d4df62de5ded37a
- SSDEEP
  
  49152:AGo4EIlCeDcoJHLo//us+DSaSZgc3jQ8F0EMEUICKZ0f9F5u++QVqZXN7ksRnPXL:do4j3q/f+DXNcc822zL08gUxOKz
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy