gcleaner | f3bb8d356f39bb666631b246c68da36f39593d4b5b4ad377a0970e153d2289c1 | Triage

Sharing

General

Target

f3bb8d356f39bb666631b246c68da36f39593d4b5b4ad377a0970e153d2289c1
Size

1.4MB
Sample

230315-pqmymsfb9x
MD5

8b5d3a4abb22aca56b4584da6f7f018e
SHA1

787ef80ac178cba9f8557b630cd4c897b6e4a388
SHA256

f3bb8d356f39bb666631b246c68da36f39593d4b5b4ad377a0970e153d2289c1
SHA512

0a5cbd3746905e50057f3a9581c2761b09d02210372caaf2878a2fa5703592cb51408d56a562f14306eb708ee98b3dc18f25061ce71db64f1abf6497e4662394
SSDEEP

24576:120eZVq5ovmB+B3iSGf6BKO4qF8tG2pZnhBHjSkl5l/HlFyng:12dVN5slJtG2ph7HPl5Og

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  f3bb8d356f39bb666631b246c68da36f39593d4b5b4ad377a0970e153d2289c1
- Size
  
  1.4MB
- MD5
  
  8b5d3a4abb22aca56b4584da6f7f018e
- SHA1
  
  787ef80ac178cba9f8557b630cd4c897b6e4a388
- SHA256
  
  f3bb8d356f39bb666631b246c68da36f39593d4b5b4ad377a0970e153d2289c1
- SHA512
  
  0a5cbd3746905e50057f3a9581c2761b09d02210372caaf2878a2fa5703592cb51408d56a562f14306eb708ee98b3dc18f25061ce71db64f1abf6497e4662394
- SSDEEP
  
  24576:120eZVq5ovmB+B3iSGf6BKO4qF8tG2pZnhBHjSkl5l/HlFyng:12dVN5slJtG2ph7HPl5Og
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader