gcleaner | ff9e867f3592358278ec211303fc25157961b4d9d6ce0c20ddbd8d13691d2f6c | Triage

Sharing

General

Target

ff9e867f3592358278ec211303fc25157961b4d9d6ce0c20ddbd8d13691d2f6c
Size

2.3MB
Sample

230315-pqqpjadb39
MD5

147470c2d317cdce99dda6f9124637f6
SHA1

8b3dfb3cf431c4c65a5b272538bfbbbb68d5ea5e
SHA256

ff9e867f3592358278ec211303fc25157961b4d9d6ce0c20ddbd8d13691d2f6c
SHA512

f48cb2af88e77b6f102fc8ae6c52ce9c992c76610d604c243deaf57a164a59c15c12d022b44ec06cbac7ed9f13716f7871b8d040526b491838d1d73b65d22b98
SSDEEP

49152:32ULLff6Pbvr3H3K9SZ+REUCIQJBPne2g4evycV3Y11k:mULLffsbvLK8ZHIWe2RevycVo1+

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  ff9e867f3592358278ec211303fc25157961b4d9d6ce0c20ddbd8d13691d2f6c
- Size
  
  2.3MB
- MD5
  
  147470c2d317cdce99dda6f9124637f6
- SHA1
  
  8b3dfb3cf431c4c65a5b272538bfbbbb68d5ea5e
- SHA256
  
  ff9e867f3592358278ec211303fc25157961b4d9d6ce0c20ddbd8d13691d2f6c
- SHA512
  
  f48cb2af88e77b6f102fc8ae6c52ce9c992c76610d604c243deaf57a164a59c15c12d022b44ec06cbac7ed9f13716f7871b8d040526b491838d1d73b65d22b98
- SSDEEP
  
  49152:32ULLff6Pbvr3H3K9SZ+REUCIQJBPne2g4evycV3Y11k:mULLffsbvLK8ZHIWe2RevycVo1+
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader