gcleaner | 022878e6acdaae3e0f819caf114e6db54bce1576c9728ce93d86520a569fa17e | Triage

Sharing

General

Target

022878e6acdaae3e0f819caf114e6db54bce1576c9728ce93d86520a569fa17e
Size

2.2MB
Sample

230315-pqqdrsfb9y
MD5

2c29e372b3859e89028f974a69811eca
SHA1

318607491b9f3c9aa6fe241e8e4e199e77d4ba1c
SHA256

022878e6acdaae3e0f819caf114e6db54bce1576c9728ce93d86520a569fa17e
SHA512

8999d8f64d0b483c486ec8227c51c23cae5bf077b0b7c72828688669250b6d8f222c3199e8c8220ac5112b77be458e3b2900d22683c26195dedce67aae2462ae
SSDEEP

49152:22vLLI5dzYWffCLmpbEIsW6rlWo4N4tglFsS8aV3Y11A:PvLLI5RfhEY6Io0sSPVo1+

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  022878e6acdaae3e0f819caf114e6db54bce1576c9728ce93d86520a569fa17e
- Size
  
  2.2MB
- MD5
  
  2c29e372b3859e89028f974a69811eca
- SHA1
  
  318607491b9f3c9aa6fe241e8e4e199e77d4ba1c
- SHA256
  
  022878e6acdaae3e0f819caf114e6db54bce1576c9728ce93d86520a569fa17e
- SHA512
  
  8999d8f64d0b483c486ec8227c51c23cae5bf077b0b7c72828688669250b6d8f222c3199e8c8220ac5112b77be458e3b2900d22683c26195dedce67aae2462ae
- SSDEEP
  
  49152:22vLLI5dzYWffCLmpbEIsW6rlWo4N4tglFsS8aV3Y11A:PvLLI5RfhEY6Io0sSPVo1+
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader