gcleaner | 4138137b8f7935b1bfb24c1d65a1da491ae9d717dc173e2614edd69e0aa69e48 | Triage

Sharing

General

Target

4138137b8f7935b1bfb24c1d65a1da491ae9d717dc173e2614edd69e0aa69e48
Size

2.2MB
Sample

230315-n5fx7sfa81
MD5

21023659c520bac658fb70fea771afa5
SHA1

cc469d6cb1dfea8e1764ad3f7cbd1c998322951f
SHA256

4138137b8f7935b1bfb24c1d65a1da491ae9d717dc173e2614edd69e0aa69e48
SHA512

ff99ce7920aed560e62704a0c6811bed20d5a703826d4df931ae7d11f6ae331ffc9c801823bcad1db0790d447b5bb50a1e15d0216b2e226fe93b823fc3a3370e
SSDEEP

49152:d24/iTDy7s9PAY6w83m3R2HO7jo5wcSZmI/m/WahOVLT3Mk:Imi/yw9PAYT83mB286n/JhOVL7Mk

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  4138137b8f7935b1bfb24c1d65a1da491ae9d717dc173e2614edd69e0aa69e48
- Size
  
  2.2MB
- MD5
  
  21023659c520bac658fb70fea771afa5
- SHA1
  
  cc469d6cb1dfea8e1764ad3f7cbd1c998322951f
- SHA256
  
  4138137b8f7935b1bfb24c1d65a1da491ae9d717dc173e2614edd69e0aa69e48
- SHA512
  
  ff99ce7920aed560e62704a0c6811bed20d5a703826d4df931ae7d11f6ae331ffc9c801823bcad1db0790d447b5bb50a1e15d0216b2e226fe93b823fc3a3370e
- SSDEEP
  
  49152:d24/iTDy7s9PAY6w83m3R2HO7jo5wcSZmI/m/WahOVLT3Mk:Imi/yw9PAYT83mB286n/JhOVL7Mk
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader