gcleaner | c083228d34758c9cef968fe6f448f230ae5cabf273ae22508a5c8810208034c3 | Triage

Sharing

General

Target

c083228d34758c9cef968fe6f448f230ae5cabf273ae22508a5c8810208034c3
Size

2.0MB
Sample

230315-psg56sdb45
MD5

c46b7303472b5aaf444c210138079f49
SHA1

08786e730e7534c8cd6c2b46fc5a5b010b61cccc
SHA256

c083228d34758c9cef968fe6f448f230ae5cabf273ae22508a5c8810208034c3
SHA512

22488e2bca53721622e05b5a8b2315f7b4d9c370f6f90ec080ef3663bffe40be34a7d72f9f88c9ad9c248b67ca06f640c4d9920328ff22c8d02c6b839b27267b
SSDEEP

49152:B23LLyd9mRi0cqgdM1GqnW7ae9JXWkd31E6pJ43OtBV3Y11P0:E3LLyd98i7qgdM1oeezr1E6H9tBVo11

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  c083228d34758c9cef968fe6f448f230ae5cabf273ae22508a5c8810208034c3
- Size
  
  2.0MB
- MD5
  
  c46b7303472b5aaf444c210138079f49
- SHA1
  
  08786e730e7534c8cd6c2b46fc5a5b010b61cccc
- SHA256
  
  c083228d34758c9cef968fe6f448f230ae5cabf273ae22508a5c8810208034c3
- SHA512
  
  22488e2bca53721622e05b5a8b2315f7b4d9c370f6f90ec080ef3663bffe40be34a7d72f9f88c9ad9c248b67ca06f640c4d9920328ff22c8d02c6b839b27267b
- SSDEEP
  
  49152:B23LLyd9mRi0cqgdM1GqnW7ae9JXWkd31E6pJ43OtBV3Y11P0:E3LLyd98i7qgdM1oeezr1E6H9tBVo11
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader