gcleaner | 9002e4a7f0c6a57a0436aed44b2b7cd62cb36d402eb528df3cdede12d4f06df3 | Triage

Sharing

General

Target

9002e4a7f0c6a57a0436aed44b2b7cd62cb36d402eb528df3cdede12d4f06df3
Size

2.2MB
Sample

230315-pqqdrsdb38
MD5

164ae80d86d7e06bd0aa30ebf8ee0347
SHA1

c1e4f717b6f2d05b416007972de212b2139db73f
SHA256

9002e4a7f0c6a57a0436aed44b2b7cd62cb36d402eb528df3cdede12d4f06df3
SHA512

df717a7b9269aefe7b141459dbbb4206e769e967dde9aa8597b3b3cc94ac0cd3d52d7d93732d9f90f52f0e922a0a7017c357a2ac9173a76fc5a40ce461b04b48
SSDEEP

49152:32ALLiNVZI1Yr98vgJxO2/+T2ArTXrELV3Y11Ag:mALLiN7HbZy2ArTXQLVo1+

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  9002e4a7f0c6a57a0436aed44b2b7cd62cb36d402eb528df3cdede12d4f06df3
- Size
  
  2.2MB
- MD5
  
  164ae80d86d7e06bd0aa30ebf8ee0347
- SHA1
  
  c1e4f717b6f2d05b416007972de212b2139db73f
- SHA256
  
  9002e4a7f0c6a57a0436aed44b2b7cd62cb36d402eb528df3cdede12d4f06df3
- SHA512
  
  df717a7b9269aefe7b141459dbbb4206e769e967dde9aa8597b3b3cc94ac0cd3d52d7d93732d9f90f52f0e922a0a7017c357a2ac9173a76fc5a40ce461b04b48
- SSDEEP
  
  49152:32ALLiNVZI1Yr98vgJxO2/+T2ArTXrELV3Y11Ag:mALLiN7HbZy2ArTXQLVo1+
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader