gcleaner | de6333fb3151d0c50a1365dda6175651315c58c0850ee5ef44e88b342fc5e567 | Triage

Sharing

General

Target

de6333fb3151d0c50a1365dda6175651315c58c0850ee5ef44e88b342fc5e567
Size

1.8MB
Sample

230315-psmewsfc2y
MD5

a1841869d7ede13a2893a2b2b77b14a3
SHA1

9cfebc5634cf8e872a496f7c488a413973e01461
SHA256

de6333fb3151d0c50a1365dda6175651315c58c0850ee5ef44e88b342fc5e567
SHA512

3d79cdaddc795e5f0c42afbe3653438bc9e2c13cc1bde5269ed1b7ed296feb46e7a0f18eaa696be236cb530b8fdc2e7630829658e04d47b9e51f45a0a13991c8
SSDEEP

49152:r2tzxFzO9JNeECGnt2ywkNwz12kzzmLd1qap+y0:iNb8JNCy2x4k34d1ZEy

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.139.105.171

85.31.46.167

107.182.129.235

171.22.30.106

Targets

- Target
  
  de6333fb3151d0c50a1365dda6175651315c58c0850ee5ef44e88b342fc5e567
- Size
  
  1.8MB
- MD5
  
  a1841869d7ede13a2893a2b2b77b14a3
- SHA1
  
  9cfebc5634cf8e872a496f7c488a413973e01461
- SHA256
  
  de6333fb3151d0c50a1365dda6175651315c58c0850ee5ef44e88b342fc5e567
- SHA512
  
  3d79cdaddc795e5f0c42afbe3653438bc9e2c13cc1bde5269ed1b7ed296feb46e7a0f18eaa696be236cb530b8fdc2e7630829658e04d47b9e51f45a0a13991c8
- SSDEEP
  
  49152:r2tzxFzO9JNeECGnt2ywkNwz12kzzmLd1qap+y0:iNb8JNCy2x4k34d1ZEy
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader