gcleaner | 61815fb27b1ce30b794ae3ad647a807bea76d3a95bdd3d6341eca9cd83e8c5df | Triage

Sharing

General

Target

61815fb27b1ce30b794ae3ad647a807bea76d3a95bdd3d6341eca9cd83e8c5df
Size

2.7MB
Sample

230315-n5f8zafa9s
MD5

31e8372d260422f689fffc7926b5813d
SHA1

9ea43096decbf2d6d02a5fa740a43a20fdd435ed
SHA256

61815fb27b1ce30b794ae3ad647a807bea76d3a95bdd3d6341eca9cd83e8c5df
SHA512

9a044a4c509af022f2b13e12346f0e4eca4fb18848d21538d5d8d2c57fd5e99377b0de3bad7689260fd9943328230e7c8d2a224167165bc3aa029c052bc9a585
SSDEEP

49152:h21TuWiGuM3/oH9OEoO2yzgBIo1PXEN0ZiyLxAII/m/WahOVL9ncFkOKgTl:kdxiGuUgHkEoZ6gBV9X9h/JhOVL9nce

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  61815fb27b1ce30b794ae3ad647a807bea76d3a95bdd3d6341eca9cd83e8c5df
- Size
  
  2.7MB
- MD5
  
  31e8372d260422f689fffc7926b5813d
- SHA1
  
  9ea43096decbf2d6d02a5fa740a43a20fdd435ed
- SHA256
  
  61815fb27b1ce30b794ae3ad647a807bea76d3a95bdd3d6341eca9cd83e8c5df
- SHA512
  
  9a044a4c509af022f2b13e12346f0e4eca4fb18848d21538d5d8d2c57fd5e99377b0de3bad7689260fd9943328230e7c8d2a224167165bc3aa029c052bc9a585
- SSDEEP
  
  49152:h21TuWiGuM3/oH9OEoO2yzgBIo1PXEN0ZiyLxAII/m/WahOVL9ncFkOKgTl:kdxiGuUgHkEoZ6gBV9X9h/JhOVL9nce
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader