gcleaner | cd101ed66514a0cf42081119e73403fdb0f47baf944f33227d018dac0fc1ba12 | Triage

Submit
Reports

Overview

overview

Static

static

1

9dc3c210f4...e3.exe

windows7-x64

9dc3c210f4...e3.exe

windows10-2004-x64

Sharing

General

Target

9dc3c210f41de276264b20019ec64beb14955fb59dff048b10fab6a397a26be3.zip
Size

2.7MB
Sample

230311-s78hfsac28
MD5

45986129343f57cc197bd91f03d135d8
SHA1

f20b5184454c410b320aad5ae8f9ef4917bca9bc
SHA256

cd101ed66514a0cf42081119e73403fdb0f47baf944f33227d018dac0fc1ba12
SHA512

c97c68e5e232c82c02ce345f899482f733436b77fbf931220d45bffe2733749e0f140bf5f7e83f4774b9d8237dbf950434782775eaa51adb7678a3ac63d26e3e
SSDEEP

49152:RY6jiTCD8fk3DNWD+CmTqra7fPr/TVrbnhcs6DJxNOfFYl0T3n7:RR8WQ0qrQHVrGsIcFl37

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

9dc3c210f41de276264b20019ec64beb14955fb59dff048b10fab6a397a26be3.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

9dc3c210f41de276264b20019ec64beb14955fb59dff048b10fab6a397a26be3.exe

Resource

win10v2004-20230221-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  9dc3c210f41de276264b20019ec64beb14955fb59dff048b10fab6a397a26be3.exe
- Size
  
  2.7MB
- MD5
  
  089b7c3fdf1390bc643edc51273aa7f4
- SHA1
  
  ce4a3abe32c1667115606668f6c8a7ae10b7dd24
- SHA256
  
  9dc3c210f41de276264b20019ec64beb14955fb59dff048b10fab6a397a26be3
- SHA512
  
  6d95ad8234040296a6f48166ace914a9eca1e099a0a817221e62b253b69bdd12ff5a573fc2719692b208b8270e5d3b58791e41553b85d65256623c779ee8e285
- SSDEEP
  
  49152:AG7Ncx+ltZ0N+WzY8e/ocP2e87MrPHmmWq61fe9ZNU+Xvn/UmOKz:d7Ncx+n0+Wwd2eRbDgJeZUu/zOKz
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy