Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

file.exe
Size

1MB
Sample

230324-qnc64agf5t
MD5

d3fddf13bc4e9a1b7687e67419fcbce1
SHA1

1288e4aa974a08f09419559c1dc93ab8cab46a7c
SHA256

3d3fcbf9ff9a5c092b1e3bedfe76b0330b5dbfdc7e03288aecd45cab984d40ff
SHA512

81d9dc025e98e357cab5eca76380742aa3b38bc15f965720a0ce241d35844aaf09cd08b82b4520badf610e8ff3d70039ef9a801a50ce3471357be42ce2a8231f
SSDEEP

49152:EGlJfshd3bRC72tdxKnxmZTPBrDUXUmsoPRkHWi+fLrY2cK5dlLYp:5EVC7kMxmZTtD6Um35k2r/YIPYp

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  file.exe
- Size
  
  1MB
- MD5
  
  d3fddf13bc4e9a1b7687e67419fcbce1
- SHA1
  
  1288e4aa974a08f09419559c1dc93ab8cab46a7c
- SHA256
  
  3d3fcbf9ff9a5c092b1e3bedfe76b0330b5dbfdc7e03288aecd45cab984d40ff
- SHA512
  
  81d9dc025e98e357cab5eca76380742aa3b38bc15f965720a0ce241d35844aaf09cd08b82b4520badf610e8ff3d70039ef9a801a50ce3471357be42ce2a8231f
- SSDEEP
  
  49152:EGlJfshd3bRC72tdxKnxmZTPBrDUXUmsoPRkHWi+fLrY2cK5dlLYp:5EVC7kMxmZTtD6Um35k2r/YIPYp
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

T1012

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader