gcleaner | 5addceb4050dcc5b5cec029483922b52c27446af43bdbe206900776f548047b5 | Triage

Submit
Reports

Overview

overview

Static

static

1

b2a919d54f...3b.exe

windows7-x64

b2a919d54f...3b.exe

windows10-2004-x64

Sharing

General

Target

b2a919d54f551c37d450ee54568d0616d8ebf0ceec10af497482a0cbc948c43b.zip
Size

3.0MB
Sample

230321-ryq2dabb74
MD5

0bdc5d6832f313929afc0e42c5f7055d
SHA1

56516580993c6e7031c68f31c4582707080a3ecd
SHA256

5addceb4050dcc5b5cec029483922b52c27446af43bdbe206900776f548047b5
SHA512

921a7d09a129e94e978dec14a55f380d7a74b8387705a237fa8bef05ce0164056678994f2234fcf9592f944a31c6ae97a132e341e89c3dfea755723e60b8b668
SSDEEP

49152:W2GMQDifBkCuS+0Ql46vuh0xqz23Cj28Naw077Q/tzUKs0BQM6h+Cv69w33Szs:DGM8i5kVJ0047C3Cj2WN/6KXz6h3v135

Score

10^/10

gcleaner discovery loader

Static task

static1

Behavioral task

behavioral1

Sample

b2a919d54f551c37d450ee54568d0616d8ebf0ceec10af497482a0cbc948c43b.exe

Resource

win7-20230220-en

gcleaner discovery loader

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b2a919d54f551c37d450ee54568d0616d8ebf0ceec10af497482a0cbc948c43b.exe

Resource

win10v2004-20230220-en

gcleaner discovery loader

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  b2a919d54f551c37d450ee54568d0616d8ebf0ceec10af497482a0cbc948c43b.exe
- Size
  
  3.0MB
- MD5
  
  449410c45c0baf7fce8da32950063d6d
- SHA1
  
  ff7de2f8403a036ede33a9b893f6902bf30eeb83
- SHA256
  
  b2a919d54f551c37d450ee54568d0616d8ebf0ceec10af497482a0cbc948c43b
- SHA512
  
  ef8cabdc7f10d54cd2cb2b8a1c028a09ebe75b3c555ce6ab16e4315b0a23183b95b6e4c59a9991f8e62d2b0c27a7777f196eb6202f8ba15f1074fcd287139749
- SSDEEP
  
  98304:d/R+ltKuAiMtJ9XkSLX1sbWsCrL7QUFbRPOKz:jcAuUP9USLzsmL7QUFbRW4
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader

© 2018-2024

Terms | Privacy