gcleaner | 87d079997ff871b187a13907c00fd90697589cc6721f58fd85a93936c285e118 | Triage

Submit
Reports

Overview

overview

Static

static

1

9abddbc730...fa.exe

windows7-x64

9abddbc730...fa.exe

windows10-2004-x64

Sharing

General

Target

9abddbc730703542ff090d2a01ef1aec169b5b3ba6e85891383ae1893f5a6ffa
Size

2.8MB
Sample

230313-jy2twahc45
MD5

20dd465c0b86ffbd6d0c1f89020222ed
SHA1

bc12c59fc77497b3abf28fc043241e559f97617f
SHA256

87d079997ff871b187a13907c00fd90697589cc6721f58fd85a93936c285e118
SHA512

b21b65fbb70d570b9162d71fb2e69cff6ee293c7c53f0a5a4337cea386e3bb090c3e960144b9be49e04d3a5070b862ab69e4e8d53f345e44f659b02ff7edd127
SSDEEP

49152:FksLODXxm29uBsfhxpUZT6uFpf3CsarkOjb8xH7PfMW4aWaAe6LYAwH0oKDckR24:FB4xmcgMhxpU0GfdaYjZPkxaWQMX4Cd3

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

9abddbc730703542ff090d2a01ef1aec169b5b3ba6e85891383ae1893f5a6ffa.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

9abddbc730703542ff090d2a01ef1aec169b5b3ba6e85891383ae1893f5a6ffa.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  9abddbc730703542ff090d2a01ef1aec169b5b3ba6e85891383ae1893f5a6ffa
- Size
  
  2.8MB
- MD5
  
  7a2b1fab546a381df312e2668bfd11f6
- SHA1
  
  2b7a406edf6e14f48f070f5680f982335c2daa64
- SHA256
  
  9abddbc730703542ff090d2a01ef1aec169b5b3ba6e85891383ae1893f5a6ffa
- SHA512
  
  2ca699345762c926bcb04d324dc206fe64413dd97c084eca416313081d773fd24a3f9843243135fc703219052c84a7adff93d1407d40d9ae22e0de5140f5fd76
- SSDEEP
  
  49152:AGHYaLuZjHIO7uFs7BDpoVTmuFpF3+gsroolJyx779r+W4+WkaCUf4Y6H0c2FTym:ddcHIEmKBDpoIGFps89x9yx+WCEZKq9z
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy