gcleaner | 75bc2f27685b2a66245fc8d9491a0ab88bc16e218f0acb5881d4e4e08f3e8fa2 | Triage

Sharing

General

Target

75bc2f27685b2a66245fc8d9491a0ab88bc16e218f0acb5881d4e4e08f3e8fa2
Size

1.2MB
Sample

230315-pqm9eadb36
MD5

bf212e843c09d9b273f82463157d1f92
SHA1

10e0b2178056b4d0fe3d59d5746a74e4ea7da76a
SHA256

75bc2f27685b2a66245fc8d9491a0ab88bc16e218f0acb5881d4e4e08f3e8fa2
SHA512

379de95907e34931c0e9ce793b34bae5f2cb9c61f7f7673b2e09f7891f01c34a435e3ab3b7a690fac3017bfc48a5b59c915dd1801201d9cbd6674bc18d2734a7
SSDEEP

24576:720xmjyg2pDh5kK7nbfVnc/MAkGVRbQqR9+scKlW1CmQgAJB4Skl5l/HlUYi30:72BjygQDLkK7btncnkARPvplW1CmsulJ

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  75bc2f27685b2a66245fc8d9491a0ab88bc16e218f0acb5881d4e4e08f3e8fa2
- Size
  
  1.2MB
- MD5
  
  bf212e843c09d9b273f82463157d1f92
- SHA1
  
  10e0b2178056b4d0fe3d59d5746a74e4ea7da76a
- SHA256
  
  75bc2f27685b2a66245fc8d9491a0ab88bc16e218f0acb5881d4e4e08f3e8fa2
- SHA512
  
  379de95907e34931c0e9ce793b34bae5f2cb9c61f7f7673b2e09f7891f01c34a435e3ab3b7a690fac3017bfc48a5b59c915dd1801201d9cbd6674bc18d2734a7
- SSDEEP
  
  24576:720xmjyg2pDh5kK7nbfVnc/MAkGVRbQqR9+scKlW1CmQgAJB4Skl5l/HlUYi30:72BjygQDLkK7btncnkARPvplW1CmsulJ
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader