gcleaner | e0f69b32315f36880b4ea1d07b42963d677bad154de89dc11f7fbb51885dac8c | Triage

Submit
Reports

Overview

overview

Static

static

1

7a35812b11...95.exe

windows7-x64

7a35812b11...95.exe

windows10-2004-x64

Sharing

General

Target

7a35812b1174b2afd578cef81393fdedb925462ecead2c614ab19270d3717595.zip
Size

2.8MB
Sample

230310-njy7nafa8x
MD5

e4c78528cff8096a34c4e6c06a796515
SHA1

afd55825c4a69fde6e8814d10ec42ebb9045e58b
SHA256

e0f69b32315f36880b4ea1d07b42963d677bad154de89dc11f7fbb51885dac8c
SHA512

918f92d7867c61f04a8258990fcc4ca31123aa0985032a1cd0ac22ab16896713597785b7349250447f3ceacbce03d6c68cee5aeb0856cb08185663c0700566f2
SSDEEP

49152:csc/SQZBwc14LF68PiT69u+tUi5yNEe1LtaSawrJUyD7cF//EDvwwed44:csc3SAJ8e2ucUZ1LtaSPJUyEF//EDwdr

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

7a35812b1174b2afd578cef81393fdedb925462ecead2c614ab19270d3717595.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7a35812b1174b2afd578cef81393fdedb925462ecead2c614ab19270d3717595.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  7a35812b1174b2afd578cef81393fdedb925462ecead2c614ab19270d3717595.exe
- Size
  
  2.8MB
- MD5
  
  6283b21c8215230a7692ae5925d31240
- SHA1
  
  deed519a94857c0d6756a3e5cae06a7fa70fe681
- SHA256
  
  7a35812b1174b2afd578cef81393fdedb925462ecead2c614ab19270d3717595
- SHA512
  
  bac58018d0232c11486d36027af3b6745bba54c8f431ff6c38a63622e5ec568f6a4d4398d6ca2bd123f366b2222cfe8b4af1def3fd4275a3ba18fa42e1cca415
- SSDEEP
  
  49152:AGhc+hIxwJonPSr4/hyCLi2nrQg9a9CRDjmqhaxmP8ytbxSIIt1dIO7HawOKz:dO+hIxsUT+IdNhkYxIt1aO76wOKz
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy