Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

file.exe
Size

1MB
Sample

230327-pnbslafd9t
MD5

c3ac9820210102d288551f6eae5ff38e
SHA1

4dc9cdfb00290e39ef9c0b8bbd10192bd9f623c2
SHA256

aa1f0bddc9a79c80d9ea7b5bed05c86d41d03e558ac3471bf627b7f5d85a6cd5
SHA512

cde891cd318aaed211243e7ec5a4cda70afcfb7d82f21ac0c6ffed7c129150134453da84b23f3894ecd58e69c997ed40f442fc6e2ca4728fd4553e70a2adac6b
SSDEEP

49152:EGlJfsYpw5gXXar/dOdpdyy/vyT5dlLYp:5hpbHy/dAyyWPYp

Score

10^/10

gcleaner discovery loader

Malware Config

Extracted

Family

gcleaner

C2

45.12.253.56

45.12.253.72

45.12.253.98

45.12.253.75

Targets

- Target
  
  file.exe
- Size
  
  1MB
- MD5
  
  c3ac9820210102d288551f6eae5ff38e
- SHA1
  
  4dc9cdfb00290e39ef9c0b8bbd10192bd9f623c2
- SHA256
  
  aa1f0bddc9a79c80d9ea7b5bed05c86d41d03e558ac3471bf627b7f5d85a6cd5
- SHA512
  
  cde891cd318aaed211243e7ec5a4cda70afcfb7d82f21ac0c6ffed7c129150134453da84b23f3894ecd58e69c997ed40f442fc6e2ca4728fd4553e70a2adac6b
- SSDEEP
  
  49152:EGlJfsYpw5gXXar/dOdpdyy/vyT5dlLYp:5hpbHy/dAyyWPYp
Score

10^/10

gcleaner discovery loader
- GCleaner
  GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
  loader gcleaner
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Query Registry

T1012

System Information Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

gcleanerdiscoveryloader

behavioral2

gcleanerdiscoveryloader