gcleaner | 680c818404ece37b2422738b33665591c427ea03f59dbfa718c50316da5919c6 | Triage

Submit
Reports

Overview

overview

Static

static

1

aca031d307...4b.exe

windows7-x64

aca031d307...4b.exe

windows10-2004-x64

Sharing

General

Target

aca031d307302bc878973a96767781e5d3e667df100699cde2d72a36bbfa614b
Size

2.8MB
Sample

230313-j618bahd27
MD5

e8fdf4b141ac44eb570e92e68441c0af
SHA1

4a15ad782c9fa78d287f5dabca0934d4586a5c84
SHA256

680c818404ece37b2422738b33665591c427ea03f59dbfa718c50316da5919c6
SHA512

9109f377231367040d77cc275cc69fda8d463d7d60b6bd1473d09246ee47a1a28d7addaf8b87d857541229103d2eb49618e3182f3103f667141024408501be1c
SSDEEP

49152:muiD/fwJFWusVaB427LlRKbseUKg+W+uLLawroNNWZRF5waiFPSJj5cdzFQkV:muiDXwJEusg427LlEIKg+W+uzsNQrwrb

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

aca031d307302bc878973a96767781e5d3e667df100699cde2d72a36bbfa614b.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

aca031d307302bc878973a96767781e5d3e667df100699cde2d72a36bbfa614b.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  aca031d307302bc878973a96767781e5d3e667df100699cde2d72a36bbfa614b
- Size
  
  2.8MB
- MD5
  
  99b7bd2ac2336e3cc24645eebf6e92dd
- SHA1
  
  3c0e794075bd4d8b3f8ca5b710b6c3887eed4721
- SHA256
  
  aca031d307302bc878973a96767781e5d3e667df100699cde2d72a36bbfa614b
- SHA512
  
  585ace5f5d3c9e48cde8d110ed879896c0c6a3be196188c2183960e67e63edb548464e862736f7bbdd9bee641b831c7104a9ff1b27da5598a3e8bb042a114f9d
- SSDEEP
  
  49152:AGgia//r+zFeuAZaBus5BlrKbMOygm+YKupfaKJwBRCrRH5EOQHjI5jRctznOKz:dgia/T+zYuA0us5BlSGgm+YKQfiBEDEx
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy